Overview

overview

7

Static

static

3

NEAS.75987...c0.exe

windows7-x64

7

NEAS.75987...c0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    181s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.75987486edb951c59979d986c0c8dec0.exe

  • Size

    8KB

  • MD5

    75987486edb951c59979d986c0c8dec0

  • SHA1

    ef4eb2105267cefd6c58881f320e970fb4a7b43f

  • SHA256

    646e46a3ffd856337444848b03e50c6ce5d55efa93ca3906b8d55638d67ba71f

  • SHA512

    38f6e543c20a22af0a4d4bf53640407e64c9367e17a672e195debf9909c44d78784ceb783ff5788d521608e05f34decb991edadd351397c9a692c37b45b366ec

  • SSDEEP

    96:QtTcnngnpETXghZd5SOU5G1sPbseggygUldpoTiMsDwqKqUB7MYW2FAfggNZqsIz:QpGWmTQvbdoiKbDggtKcTYT3UB19AIn9

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.75987486edb951c59979d986c0c8dec0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.75987486edb951c59979d986c0c8dec0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    8KB

    MD5

    1264d19e40a312fa59598f7a3e6d2871

    SHA1

    ee43a274382f1854ab9cf7cb36f786c99c1632a2

    SHA256

    10c9011a8f5675b0996949069f61ae4346d4b922db744534a65488cc862b4388

    SHA512

    1f0ec636b103e132e924b5d3657b6213027eb96d8376bc477728093111f63e0c0698ad37e8ffcd85b423864942315323ea75c8706057655fe5f22610fb8d6f91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    8KB

    MD5

    1264d19e40a312fa59598f7a3e6d2871

    SHA1

    ee43a274382f1854ab9cf7cb36f786c99c1632a2

    SHA256

    10c9011a8f5675b0996949069f61ae4346d4b922db744534a65488cc862b4388

    SHA512

    1f0ec636b103e132e924b5d3657b6213027eb96d8376bc477728093111f63e0c0698ad37e8ffcd85b423864942315323ea75c8706057655fe5f22610fb8d6f91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    8KB

    MD5

    1264d19e40a312fa59598f7a3e6d2871

    SHA1

    ee43a274382f1854ab9cf7cb36f786c99c1632a2

    SHA256

    10c9011a8f5675b0996949069f61ae4346d4b922db744534a65488cc862b4388

    SHA512

    1f0ec636b103e132e924b5d3657b6213027eb96d8376bc477728093111f63e0c0698ad37e8ffcd85b423864942315323ea75c8706057655fe5f22610fb8d6f91

    Download Submit

  • memory/4696-0-0x00000000008A0000-0x00000000008A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4696-3-0x00000000008A0000-0x00000000008A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4844-10-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

    Filesize

    4KB

    Download