Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-08-2023 16:08

General

  • Target

    Easy_Malicious_2dc949fec61b9fa5f6f3acfb06fdc551e9d64e4d29db27c78e0b73ccca7d3bc5.exe

  • Size

    1.5MB

  • MD5

    75d4b613ca29410c9e3afc90b265873b

  • SHA1

    f7386d9b14f5f11fd5841b27da44ab352cdd179c

  • SHA256

    b983f840eb7e8f09efff5c4b8b0565efd5edba292f0f6a0fad7d05570c78d178

  • SHA512

    761c28d3bec223e5bac3a5d561c08db590e5be0d7f92bdcb69b847444cdffa26345096c4964b9e7a3c887d0696687f5c811f37a4a843ac0bf9c61848ab05bb63

  • SSDEEP

    24576:WTaE8SkcVq47MhS7CK4TMeN3mVuWxgDqzf:bE8SDVq4173ixmV8s

Malware Config

Signatures

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

  • Modifies system executable filetype association (2 TTPs, 1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Easy_Malicious_2dc949fec61b9fa5f6f3acfb06fdc551e9d64e4d29db27c78e0b73ccca7d3bc5.exe
    "C:\Users\Admin\AppData\Local\Temp\Easy_Malicious_2dc949fec61b9fa5f6f3acfb06fdc551e9d64e4d29db27c78e0b73ccca7d3bc5.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    PID:1412

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

    Filesize

    9.4MB

    MD5

    124147ede15f97b47224628152110ce2

    SHA1

    4530fee9b1199777693073414b82420a7c88a042

    SHA256

    3e815d583236b9cecd912fcc949a301d1e51b609cbb53a2285d08feea305edcd

    SHA512

    f4c2825380d1bb9ca889d5c5684f13aa0cacb0d6511f6409ca0972a7191195a0175e00c995407848bf09ea03cff05c7395952bf2ffd2af2015b8939f75a8e627

  • C:\Users\Admin\AppData\Local\Temp\3582-490\Easy_Malicious_2dc949fec61b9fa5f6f3acfb06fdc551e9d64e4d29db27c78e0b73ccca7d3bc5.exe

    Filesize

    1.5MB

    MD5

    ecf55ee7711cf7275711286a8124a138

    SHA1

    5bd3f7dffe4a5254fca4e40299152050586997d9

    SHA256

    5441a95701104fed9dbfa10521664ae65edead8dd8632b0b538e47e94599b79b

    SHA512

    fc1857b92ac7dbacb6b0b920ed02fc9dd1350a634113028a4e4c41cff950dd5967ace8f4816beab0408c0fca7011e78e1245dbd938e3efb7963239fdc7510b4f

  • memory/1412-220-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1412-221-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1412-222-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1412-232-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1412-233-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1412-235-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB