Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
22-02-2022 03:28
Static task
static1
Behavioral task
behavioral1
Sample
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
Resource
win10v2004-en-20220112
General
-
Target
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
-
Size
5.6MB
-
MD5
9fdf25377a0368ae22b809ba47b5eef8
-
SHA1
32b3a2e01733a825df61e0c3d316c0a8a2bf62a5
-
SHA256
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5
-
SHA512
ea304caa721c91639d9b46e16490488ed923f82a5cab6efdf56bf417ddad8aec8c72485bef4273381acb4dd66a2eedbb039af242575268dedb479c76fe72965f
Malware Config
Signatures
-
Detect Neshta Payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1664-55-0x0000000001270000-0x000000000181A000-memory.dmp family_neshta -
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
Processes:
resource yara_rule behavioral1/memory/1664-55-0x0000000001270000-0x000000000181A000-memory.dmp WebBrowserPassView -
Nirsoft 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1664-55-0x0000000001270000-0x000000000181A000-memory.dmp Nirsoft -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exepid process 1664 3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exepid process 1664 3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe"C:\Users\Admin\AppData\Local\Temp\3848ddee2590966f7b46e221d6a4df3e4b72d68c2624cad0c333eee09f0143d5.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1664
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1664-54-0x000007FEF51B3000-0x000007FEF51B4000-memory.dmpFilesize
4KB
-
memory/1664-55-0x0000000001270000-0x000000000181A000-memory.dmpFilesize
5.7MB
-
memory/1664-56-0x000000001B940000-0x000000001B942000-memory.dmpFilesize
8KB
-
memory/1664-57-0x000000001B942000-0x000000001B943000-memory.dmpFilesize
4KB
-
memory/1664-58-0x000000001B947000-0x000000001B966000-memory.dmpFilesize
124KB