Overview

overview

8

Static

static

3

NEAS.16b88...90.exe

windows7-x64

8

NEAS.16b88...90.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.16b88dd96b2da25cc69e875aa2932e90.exe

  • Size

    329KB

  • MD5

    16b88dd96b2da25cc69e875aa2932e90

  • SHA1

    d0fc757ff184dc22a0a5dcea891b4f50dc20359c

  • SHA256

    1c05c4f9cd31b028ffd63ee0c7b036ff170ca0b2972ee6190163d889d1143624

  • SHA512

    0b95ea91ce85d0d7ec0b09317b036bfde7f7d3b55ade3c5c9038a8c65dd3b5c02458e814ca08384baeb21841cfad881efb3574d06a353c5ca8bff5de1c149a42

  • SSDEEP

    6144:MRAhhJxX7bNIAROzTuaPUD8XRufY7L3oxXTwMJU+ISZl/ux1nlKgN7+A:UsAAPaPUD1SYzJtl/u/nX+A

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.16b88dd96b2da25cc69e875aa2932e90.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.16b88dd96b2da25cc69e875aa2932e90.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\concp32.exe
    Filesize

    331KB

    MD5

    2010b0e0a8076c5c81e5e0ffbe9eaccc

    SHA1

    eae2ecd6b8e4f262d1ee2c52a4557bb5aaa782cc

    SHA256

    5410b49c8e0451c2715f26fe843059335d14b2301fa10ccdfd57d598ffb334bc

    SHA512

    b975b94e7a5759702f9361b7d42a1b7ff58de22856843e75abc3cbd038209b0c1f764fc053539413386d31cdaf62a1bcca4308d23af188b637dafd5d2e35d8a7

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    330KB

    MD5

    e76d1499e1a07e0080e6fcb014edeeac

    SHA1

    3560a6800ab0960fadbcd66c0b2576679cabc9fd

    SHA256

    053d2b3ea100e6940f00646fca00382af9f8632dec96222b1b3e430f60b2ffe9

    SHA512

    f82b77db98410f2aba520fc6e89171269c0f1fad0542cff3519ee713982d309487a6e21b79018882c24499bc6e19da944e6286c038e0d78bd384e23ad90a55e5

    Download Submit

  • memory/1692-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1692-14-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1692-13-0x0000000000220000-0x0000000000255000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2172-16-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2172-17-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download