Analysis

  • max time kernel
    110s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    10-11-2021 13:59

General

  • Target
    New Inquiry.exe
  • Size
    247KB
  • MD5
    905db5df8d7a31ccd2c15fd5b90d3cd2
  • SHA1
    06ec98964ce0e4d64cfcf68b579fa28be7207a15
  • SHA256
    997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a
  • SHA512
    de02d56b22651e80442d06d4ad2d10a209e261cb048139f6d8c1822783cdee3f365186bfae4901549da51a9269af1daa9929ea7eb114a2bb09406975d5277142

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Neshta

    Malware from the Neshta family is a file infector: it injects its own code into other executables so that running any infected file spreads it further and causes damage.

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

  • Drops file in Program Files directory 53 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage or optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Inquiry.exe
    "C:\Users\Admin\AppData\Local\Temp\New Inquiry.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Users\Admin\AppData\Local\Temp\New Inquiry.exe (child of PID 1656)
      "C:\Users\Admin\AppData\Local\Temp\New Inquiry.exe"
      • Modifies system executable filetype association
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies registry class
      PID:3176

Network

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\nsw957B.tmp\xpgjtt.dll
    MD5
    cf4d50071a2c2fdfe2cbd07d42b4aaea
    SHA1
    214f85e9f8b1922333bd866d23bb97dbd8e12487
    SHA256
    44d8dedf859f5e3a174ae3f617cc4cc8fbfbc40f88d4a71f16c64c6b14e6b7a4
    SHA512
    a17f4c72c390c14044baddb53723d2fc3383ec7a2b5a89f66870f5dbb42863e0d259fec77013e8f5bd00739721e11fd8f38322e9f8a395d59dd9405927205d98
  • memory/3176-119-0x0000000000000000-mapping.dmp
  • memory/3176-120-0x00000000001D0000-0x00000000001EB000-memory.dmp
    Filesize
    108KB