Analysis
-
max time kernel
156s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
03-12-2022 12:26
General
-
Target
B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exe
-
Size
9.1MB
-
MD5
71d1b7ce025e5d50d245d777cf47b2ea
-
SHA1
41ff2c2f863df5e52c8ab28705cf1df1f633f15c
-
SHA256
b9806db6959eaf756dd803b51495ab2d9b2ef4aa0b7a902b268d07ab7af15748
-
SHA512
c2e065cb471365981b043b19aabc79a8572a39c14edcb7da8cc9a6afb9cb18a4620dcf7ff41a223a575aaf4a8800196255a4398fea4dff98fa8f315b4ea675f1
-
SSDEEP
196608:SAiDgpcQXledaHtC5/hABhZAbhKhnD7vyVGLi+Y3nZ/yy:fpcQXiNhChZAbhK2yipp
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exe"C:\Users\Admin\AppData\Local\Temp\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exe"1⤵
- Modifies system executable filetype association
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exe"2⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\3582-490\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exeFilesize
9.1MB
MD59068a5a384c8acb0d0c1bab38255c649
SHA11c5b3fd96add72a8d2add834268cddb98e7e70be
SHA256d14d615e906c4ef4f9e2baddea5696913485b6828eea2780eed4fb1f0f537f4a
SHA512457c63ae42d8e34647294156bd06a98b2ad6c2f8bdfbedec73b7959408a9376a4bf487cb4b43b932f92f93c5e7989dab147082e62e8df660b3486e57adab3834
-
C:\Users\Admin\AppData\Local\Temp\3582-490\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exeFilesize
9.1MB
MD59068a5a384c8acb0d0c1bab38255c649
SHA11c5b3fd96add72a8d2add834268cddb98e7e70be
SHA256d14d615e906c4ef4f9e2baddea5696913485b6828eea2780eed4fb1f0f537f4a
SHA512457c63ae42d8e34647294156bd06a98b2ad6c2f8bdfbedec73b7959408a9376a4bf487cb4b43b932f92f93c5e7989dab147082e62e8df660b3486e57adab3834
-
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXEFilesize
252KB
MD59e2b9928c89a9d0da1d3e8f4bd96afa7
SHA1ec66cda99f44b62470c6930e5afda061579cde35
SHA2568899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043
SHA5122ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156
-
\Users\Admin\AppData\Local\Temp\3582-490\B9806DB6959EAF756DD803B51495AB2D9B2EF4AA0B7A9.exeFilesize
9.1MB
MD59068a5a384c8acb0d0c1bab38255c649
SHA11c5b3fd96add72a8d2add834268cddb98e7e70be
SHA256d14d615e906c4ef4f9e2baddea5696913485b6828eea2780eed4fb1f0f537f4a
SHA512457c63ae42d8e34647294156bd06a98b2ad6c2f8bdfbedec73b7959408a9376a4bf487cb4b43b932f92f93c5e7989dab147082e62e8df660b3486e57adab3834
-
memory/952-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmpFilesize
8KB
-
memory/1088-56-0x0000000000000000-mapping.dmp