b21aa419deabfd0ba3d40818fd9653b6b7dcb4f5dd0167a0f02c0fe58df02a3c

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
Size

52KB
MD5

3ec7ef639ee3aff8a092146ef863a280
SHA1

1d66d415955f9ac1f615b7a3e2ed8b3ee0957911
SHA256

b21aa419deabfd0ba3d40818fd9653b6b7dcb4f5dd0167a0f02c0fe58df02a3c
SHA512

cc8b3b4e2ab5d201a123b06731a39f6e8661208f6db670e94e7277175a25989a09cfb7f656350bbd91e4a40f11ec6c852771dae70ad5a30a725c657855917f96
SSDEEP

768:PRGnbzOg4LhWk2FVALXtWIqhFfSObvLFIBG7QuDhFc:JGXrkwuEIvO9Vzc

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\I:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\L:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\M:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\O:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\R:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\T:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\B:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\G:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\P:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\S:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\W:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\Z:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\H:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\Q:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\X:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\Y:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\E:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\J:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\K:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\N:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\U:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
File opened (read-only)	\??\V:	NEAS.3ec7ef639ee3aff8a092146ef863a280.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3ec7ef639ee3aff8a092146ef863a280.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3ec7ef639ee3aff8a092146ef863a280.exe"
1⤵
- Enumerates connected drives
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads