Overview

overview

5

Static

static

3

NEAS.a5954...80.exe

windows7-x64

5

NEAS.a5954...80.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 20:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.a5954a14f4777308e6af614ac0a4b980.exe

  • Size

    27KB

  • MD5

    a5954a14f4777308e6af614ac0a4b980

  • SHA1

    67a1fb19b25221db13b0e3caecb96e155daca5a6

  • SHA256

    259888594e2f32697b850f8f3cfa81d411c0972546659a9db8cd94f68e270b2d

  • SHA512

    8a2518deecef20349626aad2cac40fe27d90c9a122e6f73525db8fade3a88d449cb6d587e6baa4b9504991a7cdfe5f44bf7e491a7928ae03bdcfc5a4bd6c7436

  • SSDEEP

    384:+VqoTo1+eSkHWGYjZoxl9yuUNL9bUTyRwhlLL0TQybPp1hHZ:+VqoTo11SkHWZGiuq9bLRwfoTQI3L

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.a5954a14f4777308e6af614ac0a4b980.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a5954a14f4777308e6af614ac0a4b980.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:2292

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1724-0-0x0000000000400000-0x000000000040A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1724-1-0x0000000000020000-0x000000000002A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1724-11-0x0000000000400000-0x000000000040A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2292-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2292-4-0x0000000000400000-0x0000000000405000-memory.dmp

            Filesize

            20KB

            Download

          • memory/2292-6-0x0000000000400000-0x0000000000405000-memory.dmp

            Filesize

            20KB

            Download