Overview

overview

7

Static

static

7

NEAS.79816...c0.exe

windows7-x64

7

NEAS.79816...c0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7981644a9f3837412fcf979d7aae99c0.exe

  • Size

    584KB

  • MD5

    7981644a9f3837412fcf979d7aae99c0

  • SHA1

    b1c7adc410750818895afcb9cb40dc5422f6c9d2

  • SHA256

    5afddc41e8c0425b7933b5b1e966bf0288cf8798a01112088a3bb5d3d6cad744

  • SHA512

    4578efe49278a730cbd646f9c9ef4aae42260ee9d06697696490243e201c4903f3370835e8882d949f03d1e1ed6a76fc1dc71cb9568c992e4cd4b449e1af53aa

  • SSDEEP

    12288:5BAsu/1OsCzbT7YebtN2rMFpouF0/DD0:eMzEgNPFpoz/0

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7981644a9f3837412fcf979d7aae99c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7981644a9f3837412fcf979d7aae99c0.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Program Files\Chinese\Traditional.exe
      "C:\Program Files\Chinese\Traditional.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Chinese\Traditional.exe
    Filesize

    584KB

    MD5

    6aafa885fac337e1e55b2bc054516b5f

    SHA1

    358264bd325de2b06233202d418063506ea517c5

    SHA256

    2dc710aa42442495b745f8cea5c35dcf052477715fd553e819d3a6f403ef60b2

    SHA512

    ab78489249b19b9c06d53b4be11d620dbfa644a94f0a7edefa9ce7725b04166c695ededd3b933835884b7b63749c8b187794e44c418bce5e43fda34735f8fecd

    Download Submit

  • C:\Program Files\Chinese\Traditional.exe
    Filesize

    584KB

    MD5

    6aafa885fac337e1e55b2bc054516b5f

    SHA1

    358264bd325de2b06233202d418063506ea517c5

    SHA256

    2dc710aa42442495b745f8cea5c35dcf052477715fd553e819d3a6f403ef60b2

    SHA512

    ab78489249b19b9c06d53b4be11d620dbfa644a94f0a7edefa9ce7725b04166c695ededd3b933835884b7b63749c8b187794e44c418bce5e43fda34735f8fecd

    Download Submit

  • memory/4044-4-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4044-7-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/5060-0-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/5060-6-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download