23ccae76ef8c57b97b89f4f09b032504c112c3df55c0ac031ba0c98b63fc0ca7

Analysis

max time kernel
163s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4d11ace36c2daca8bbebd23403acdf50.exe
Size

160KB
MD5

4d11ace36c2daca8bbebd23403acdf50
SHA1

914d337cd312b68d392b20b9dd5161cb142d3111
SHA256

23ccae76ef8c57b97b89f4f09b032504c112c3df55c0ac031ba0c98b63fc0ca7
SHA512

80c47e3409e0e8fa8ade29940ed4dd0278d453ab0b90e748d14965a09c1408878cc65f03fd399a05475c6027f8ab0cb57922c02b4d5b66d7bd1205a0d561cfa3
SSDEEP

3072:8sDV6Az1lWgFvYGnJdlKpZV3uTN9WU/G9h3Gw590KqWbmzALbvl6:tQAKgFvYGJdlKpZV3uTN9WU/G9h2w591

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	NEAS.4d11ace36c2daca8bbebd23403acdf50.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\NEAS.4d11ace36c2daca8bbebd23403acdf50.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4d11ace36c2daca8bbebd23403acdf50.exe"
1⤵
- Checks computer location settings
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1428-0-0x00007FFDA1250000-0x00007FFDA1BF1000-memory.dmp

Filesize
9.6MB

Download
memory/1428-1-0x00007FFDA1250000-0x00007FFDA1BF1000-memory.dmp

Filesize
9.6MB

Download
memory/1428-2-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/1428-3-0x00007FFDA1250000-0x00007FFDA1BF1000-memory.dmp

Filesize
9.6MB

Download
memory/1428-4-0x00007FFDA1250000-0x00007FFDA1BF1000-memory.dmp

Filesize
9.6MB

Download
memory/1428-5-0x000000001BA10000-0x000000001BAB6000-memory.dmp

Filesize
664KB

Download
memory/1428-6-0x000000001BF90000-0x000000001C45E000-memory.dmp

Filesize
4.8MB

Download
memory/1428-7-0x000000001C500000-0x000000001C59C000-memory.dmp

Filesize
624KB

Download
memory/1428-8-0x0000000001140000-0x0000000001148000-memory.dmp

Filesize
32KB

Download
memory/1428-9-0x000000001C600000-0x000000001C64C000-memory.dmp

Filesize
304KB

Download
memory/1428-11-0x00007FFDA1250000-0x00007FFDA1BF1000-memory.dmp

Filesize
9.6MB

Download