Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    05-11-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-28_15f284782b1a9efb9b5ce8c604e1beb9_mafia_JC.exe

  • Size

    384KB

  • MD5

    15f284782b1a9efb9b5ce8c604e1beb9

  • SHA1

    aba385bafba576b191e6b98b60e9ae5fe96cdadb

  • SHA256

    0ab647e06f3dcb73618ddd214657be421535c5f6f91e5dcd89a1d1cb3641b0fa

  • SHA512

    dc7e98f54f061a1a53f0d5056cb4b3efb82c098ebdaa9b79e69d25dd66fc7bb4a8732eae19ec081e93ce19fd74972e836a7ee34fc2447eec97fbc64efc207c6f

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHEoHTtS6Hu9UYRZWG81Bp7sMyVThZ:Zm48gODxbzrTY6mZl4BghZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-28_15f284782b1a9efb9b5ce8c604e1beb9_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-28_15f284782b1a9efb9b5ce8c604e1beb9_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\454A.tmp
      "C:\Users\Admin\AppData\Local\Temp\454A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-28_15f284782b1a9efb9b5ce8c604e1beb9_mafia_JC.exe 4CCCF399A6141FA107AC0C72A6C6772ECA685DEB2FCF14273ED5CF70505B614F91758F47908FB53E88BECF38F6091953D697061B200CCFA39B4E763A4707D176
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\454A.tmp
    Filesize

    384KB

    MD5

    c1d0199837f0d53c8fadbc0398315bbb

    SHA1

    3a6409a82d4de10566effc6a9766ba9b76e3b199

    SHA256

    362009c12ff5ecac7a591308250325e14a7c5a33b10f7d07b224803919211223

    SHA512

    5e487dc0b47ca2b85ef7490621b9f0dacd99530db61849a1965c1a859a2061df19dc9ae9fb64e41ed38894988b3ff7cb5deea3da58c5a7d98f6d262a173965b8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\454A.tmp
    Filesize

    384KB

    MD5

    c1d0199837f0d53c8fadbc0398315bbb

    SHA1

    3a6409a82d4de10566effc6a9766ba9b76e3b199

    SHA256

    362009c12ff5ecac7a591308250325e14a7c5a33b10f7d07b224803919211223

    SHA512

    5e487dc0b47ca2b85ef7490621b9f0dacd99530db61849a1965c1a859a2061df19dc9ae9fb64e41ed38894988b3ff7cb5deea3da58c5a7d98f6d262a173965b8

    Download Submit