Overview

overview

7

Static

static

3

NEAS.797c9...e0.exe

windows7-x64

7

NEAS.797c9...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.797c98d58933c6fdfc8dd93792357de0.exe

  • Size

    444KB

  • MD5

    797c98d58933c6fdfc8dd93792357de0

  • SHA1

    97b36c69e8873cc6e35fecb1794657315f22626e

  • SHA256

    5a2c6ebdd5947c67fcd098da4e88723f738fd02dfa3d60769b921bd5d4c12296

  • SHA512

    04107cd892dc91a1d905db93c3f71901371c552bc37e21b30a55a254e274badd3caf8b33359da82b85c9d81e5f343b77c447f07eb443a88347e871adf006a5f4

  • SSDEEP

    12288:Nb4bZudi79LwoQrERXZBvGOxD+OSJg2A:Nb4bcdkLyrERXZFxDrSJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.797c98d58933c6fdfc8dd93792357de0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.797c98d58933c6fdfc8dd93792357de0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\8A3E.tmp
      "C:\Users\Admin\AppData\Local\Temp\8A3E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.797c98d58933c6fdfc8dd93792357de0.exe 8ECC800F40E8EE34721477F4FA7FA0803BED943FFF1CE2CD50F1D8CC82947FEF9446D4835857E212D6648AB2CE4E739B40EA8EAB0878723E9336C104E0BBBA2A
      2⤵
      • Executes dropped EXE
      PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8A3E.tmp
    Filesize

    444KB

    MD5

    a93e19183ec1ab8a0b66eef6a64dead6

    SHA1

    e7342d87c864b47d2ee44facd69ebba91a2c3962

    SHA256

    e85feb63be54a3984bc8b3afae7a7d264f2fb87a314a44ed2c25fbde8c592d16

    SHA512

    248b98f147a704655437c21eb90a69d59b4ae7d8459550a738077217f98428deaa5b0d03dfaec316b95cb914ac92d555b85ebc97cf3d81cd6731dcb5add45218

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8A3E.tmp
    Filesize

    444KB

    MD5

    a93e19183ec1ab8a0b66eef6a64dead6

    SHA1

    e7342d87c864b47d2ee44facd69ebba91a2c3962

    SHA256

    e85feb63be54a3984bc8b3afae7a7d264f2fb87a314a44ed2c25fbde8c592d16

    SHA512

    248b98f147a704655437c21eb90a69d59b4ae7d8459550a738077217f98428deaa5b0d03dfaec316b95cb914ac92d555b85ebc97cf3d81cd6731dcb5add45218

    Download Submit