Overview

overview

7

Static

static

3

NEAS.716ef...80.exe

windows7-x64

7

NEAS.716ef...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.716ef8d98c386b918e04c8ad8927bb80.exe

  • Size

    211KB

  • MD5

    716ef8d98c386b918e04c8ad8927bb80

  • SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

  • SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

  • SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

  • SSDEEP

    3072:EPUHpiKT2t2UHIu05W7SAFJJOUD9cckiKop97f3r8n9t9YgntM:9rTfUHeeSKOS9ccFKk3Y9t9YJ

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.716ef8d98c386b918e04c8ad8927bb80.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.716ef8d98c386b918e04c8ad8927bb80.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Microsoft Build\Isass.exe
    Filesize

    211KB

    MD5

    716ef8d98c386b918e04c8ad8927bb80

    SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

    SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

    SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

    Download Submit

  • C:\Users\Public\Microsoft Build\Isass.exe
    Filesize

    211KB

    MD5

    716ef8d98c386b918e04c8ad8927bb80

    SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

    SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

    SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

    Download Submit

  • C:\Users\Public\Microsoft Build\Isass.exe
    Filesize

    211KB

    MD5

    716ef8d98c386b918e04c8ad8927bb80

    SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

    SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

    SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

    Download Submit

  • \Users\Public\Microsoft Build\Isass.exe
    Filesize

    211KB

    MD5

    716ef8d98c386b918e04c8ad8927bb80

    SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

    SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

    SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

    Download Submit

  • \Users\Public\Microsoft Build\Isass.exe
    Filesize

    211KB

    MD5

    716ef8d98c386b918e04c8ad8927bb80

    SHA1

    16f0c51cee5692ee6c3d9f38bb5344416f31c241

    SHA256

    ccde3cd7126eba044db0a50d4f4c713660a5a9e3a4b9717b574aa40a9ec40509

    SHA512

    0d9c050ac6f68c82cc43c8bf72d9645cccdbed15e1f556bacb59e1cf48410b41960819d15c89cc7391f628bf9e0d21e47f2d3e218f08c018d2720bdd4c7ce34c

    Download Submit

  • memory/2528-45-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-20-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-76-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-12-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-64-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-15-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-63-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-16-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-17-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-54-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-21-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-28-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-29-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-34-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-38-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-44-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-55-0x0000000004210000-0x00000000054B8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-52-0x0000000004210000-0x00000000054B8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2528-53-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2832-13-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2832-0-0x0000000000400000-0x00000000016A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2832-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2832-14-0x0000000004300000-0x00000000055A8000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/2832-11-0x0000000004300000-0x00000000055A8000-memory.dmp

    Filesize

    18.7MB

    Download