Overview

overview

3

Static

static

3

NEAS.34e33...60.exe

windows7-x64

1

NEAS.34e33...60.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.34e331a15a144cb09ebdac8c791c5a60.exe

  • Size

    110KB

  • MD5

    34e331a15a144cb09ebdac8c791c5a60

  • SHA1

    45cc5e4939d778c154f8b4c503e00677af42fe04

  • SHA256

    19d85e1708c8536a93eb34653a00f3758038ca976884d0790b2f8daf760a52b6

  • SHA512

    e13a5b650776681ab1235a20b77e03f41f032a48e4ef4fd16234fbaeb2439b1980cfbba2eb78c960a27f36d5c3bfe4296ba3cb476333be8584147d544498a7e1

  • SSDEEP

    1536:5fRodvp0FqpvtkoJY1GGpnT2c8DsWjcdalfbrCNvSBQ+Hz49dI9NIDC3zG:5fRg08vHknMsaxbfOMz4HaNIDx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.34e331a15a144cb09ebdac8c791c5a60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.34e331a15a144cb09ebdac8c791c5a60.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://kf.douxie.cn/?hezi
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a141e0aea9d871031402bf520df3c4c6

    SHA1

    94f3dc1b181ce01d5eee11db7065c3a7c92c8969

    SHA256

    fd84f1b29b8127b859dc105de2fed92247cf4d11e8f2c14c02b9d12103658bcf

    SHA512

    7fba0fc55e6c69b932d706d51da110c29be58081445c688ce37c163855dcbb70063a57054a4a9b7047fa1c03fb4776a6ae96d1b3aff61086d5fbb8e587241546

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b363b211070301c4f15668eebf19d66

    SHA1

    4d5ba75abe3c4a6e208f0b3731f31a91bb66098a

    SHA256

    b9619c1ca864896aa92e541b7a0cb93e6a944e78c0249fa39432093d249e0549

    SHA512

    e7befad9dd85a4b474e993d4643123228b85d52a29302ec5a3d8b698d06f48c4bfc58c0bdc97d2215c1f9ea826db53a97b60e161023ed78fff52cb97f7f19139

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5534b8d5cc78031294b7250567cdf5c7

    SHA1

    540b233cc84ce89f154ef7555a829eec31ad7028

    SHA256

    74dec38b7688d8a6c073b94160fb509d9de4191878e00b125202601d36179ec1

    SHA512

    44c0fe8b470ec256313110191772ebc23e881167947ab38f17b6e3794742dede0c3e4565177bf492847438f0dcbd6db0f39b9c1568fe86db525f96b67157dd50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c2a7c0addebfa2928f7cfa416575ba6

    SHA1

    c35ae9a3ebdad48b6fb19cee9d8cdf3e027dc295

    SHA256

    19625e2f2376239e58cf668c3adcaef6ce6332bb280b03b381d19f97e3bbf9f6

    SHA512

    ecf541655c5f2793d410cac1a9ff5eab7810fa3cd1ae5a69591230c57fce9b0fe3e6d2ecdd7ccfad694a0c31ec346b3214dcb78f344a1da330642b58934f6c2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b4bc049960ca26e2457e5383cf5a08a

    SHA1

    b44bf89c2752c9cad45f04f02cc0fa2ef020ce00

    SHA256

    52ad00bc7ca86b426ad6e657ae05c97e6bbe833a40708df634ca7f2c18af77bc

    SHA512

    63aa7a017641944fafa91bd4783731fea97c9dbf71bedc3e55f7f614cac1d95d4de17e02c16d651daa76d6b3d1d6981baeb6a3b3c949bea69297de8ecf83ab42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b59b092afea17d63cde4d629cef6ff8

    SHA1

    ff49c9a34103d410c621060ad8e87d578057ad06

    SHA256

    1ab5849342535cc6a01e4ebb82736ff45be258971996fd7344ccf818ae41a5ab

    SHA512

    20b7ba5587e85d3b755091ecf5a0d6b54d1f981fd44657513aca49560182babd87c9479294e60108c942cbfc74accefe8115aa4abd28107bde91fb25e641b72a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6c84f05b8a919410dd80035cc9e9044

    SHA1

    ad6db3d7e07ed1c10abd757937a37f5186c2ddbd

    SHA256

    c160be8c2e2c081db9544bdf7bbb8c16992d087091ca5580c1c7ee196197b6f6

    SHA512

    44274297264b737b54b1e8b6d38a2de0e9de8fad27d2cefe9bf4c55ec37b51fba8a9565e1b24a7a30bad16ab7d7732b0275c4ee71a6395de3fe3d76fc3a8f3c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    feb9e0f1e62c9899fd89ed91fe13ab87

    SHA1

    ef7134d80da0a61a1a6e75d2bfa810ec96e5407e

    SHA256

    ad50af2d0d3d98d9f15894d50adf42043dedea5128b9c57a3553ed311d7b887c

    SHA512

    a835a545ffec99114302396b1a33667301687eddeabb4842b23fd10460f0d0dcd3db2a2b8403ae3bc8c03dcc54d07ecdb2011d8c0e66f2bc77ac3859453652c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4f4e39a6ebdde9d345297b1fddfa4f2

    SHA1

    c2c80970d9a69b77550cab1cba01804dbc34035d

    SHA256

    8052b6fbbc6068c2b87dfd86928336a0ce72869baf3ae961589349a5485c3dbb

    SHA512

    9778f0438beca80341ac3c3f86e30e2b1aea1a5d441d47a808bc78c7c00a7e368f34126126d5e8e1dfce2d2277fb169a7762bb8f48dae17144c55550ca9ad598

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f1b50013d3105c7fff7ae91bf6c5c9a

    SHA1

    0b07866b454204ca37e67dd8a13c6e26b55f1763

    SHA256

    14e34244bf5103925276488bdc74bc7d823651e8e8d9647707797ab6b95e15e9

    SHA512

    8c15ff6708d503c0aaafe2c8914c2d23feb79770e53f09b3ed083988b5987d46f14dc653ba51bff88bedda65debc65ed5815f18893a5fd55b03d6aea09a24198

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd546b4ec0475243d2474d1911f875b4

    SHA1

    344ff9806eee938046263f232bc8322d51742770

    SHA256

    243dc6612dd80555f81e511b0e57eb093f0687b8d1276004f7e1fac3986b687f

    SHA512

    da137aa5aef1466dfae03c354386758dd90e4bf27e9143563b1d072648e514668c2303df98f338c8f155f7e47398ecbb9d9c56d7b51e445b4c721088156c951b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30be2c02840aa7a279679233aeb148a5

    SHA1

    503bf0d0c7b7d95f4704bc6b9c34ac610b51bc6b

    SHA256

    d562fd299e935a208ae0a92407e4012204e25d4196e6880ef76d73aabf088b70

    SHA512

    8ce2e37b7dd92b16fa2f51acbff4e4dacb1d120679f47bbe3de785a7a7b7b4783f5b158eeceedbf16fff4efb1415606d11158952836ce44b41a0456a30d95922

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ade925243cad9e276b4628b1879d236

    SHA1

    138f4e45b7e80e626675dd06f4bf0248ae409372

    SHA256

    e5555a65a6b5e54a6a9c4db66323fd7fe6aae5379da4f8c1995df15cae3a3bfb

    SHA512

    001f81e3e1e4406b6b7114adbd40090da4b329855b9c45a56c6901f2ce45179f6c6cd3fdefcbe7593f3d9bfe5ef8d640809a9dfeca411cb57112bc71c1fa37fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67a9cc9e7aaf9f2bf5c8258376c5dd97

    SHA1

    a5cb1b195e6db12fc9bfcfab12f11027277f9c7f

    SHA256

    e75b0d54abaa5fc16811b17887cbca9e46d2ee4afb8544fa3cb0c0bab5970c38

    SHA512

    64eb9d8b031e0d57d3ba0ee39db3949a9684b5b82e76c4833f86821a5d779873b20dea4c05c186e05a787fb49c7f5549431d212dd744b34f2e5e12b4ea861668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0cc83ce933228f5012c9420669ce4a98

    SHA1

    55dfa47182fc896fc6fdf3817b5bbd4486cdaff7

    SHA256

    0a16aca6804291d7d1bf39627ed030b6e1d8923ab903ba04c5f2489824982ba7

    SHA512

    ddfac6946662d5e4b28c40dceaf0ff40fde66eb81540556ba1069058b51633e6c2ba0450457a1d4f3fafa01dd6094377d3026b413b6d4aa147a5d5bedd416335

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0040c5c45208919d96daf9a9d805b0ef

    SHA1

    9b3dae0c1bf89bf5c9fcabf58452fd020e335c03

    SHA256

    5fa1658acc5fcf77dd300d7f7c23ccf9834611c5984ac34effc69ce64a3d2dd1

    SHA512

    8f247d66cd2891eed729878cb18da57375e862d80609f71c9811e833fcd438f39afda7051408d18bb0f66c755ed99d86c8c86fb66751baf63d5ca75d7b86e1ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9b333d782e26ff1351a08cd6a0b23d8

    SHA1

    6f759efe739dd2c4fe832101521fc3de74595f26

    SHA256

    e4c92016132e8a997dc92c4cb0f9cea743ce64d01ee2cede64ce488fff7c63a4

    SHA512

    56d89d20fb495806d17c11534ff41e5c45bc46f58febddd3293349a19aab4dd3a8a5b91a85bf038ec3abacbed741e766d4bd59c5bafe5ddc9fa675a5faad55e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4471c9861669d85d91143d967f6e4e8

    SHA1

    d369d4e0f03e29f29b4e5309ef50d8c8d3b8cd33

    SHA256

    92219bf433f470b81988777126271caf809f8f3be98d109b4ce7babab096373b

    SHA512

    f4c6e79621dadd32d487d0440584d03203da6010495fb8cbd92d69a20776aad42fa4b28658834d1c76a00519000bc3db6543eed38a7a66a8dda45628abfe4ae7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7B59.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7C38.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2456-2-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2456-1-0x00000000007B0000-0x00000000007C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2456-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download