98432a7ca4733a5290dc6b50bf7c5e13335843ccd5b6008c8a7fc3b584f315e4

Analysis

max time kernel
161s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bb69629a408e1f8ab1056a07d146c550.exe
Size

5KB
MD5

bb69629a408e1f8ab1056a07d146c550
SHA1

9d26e15836aac21af33bf91517c7f5a68dbe89fc
SHA256

98432a7ca4733a5290dc6b50bf7c5e13335843ccd5b6008c8a7fc3b584f315e4
SHA512

c0582ef3ab3b1a6c0d54d972f90bd6d20ecd12566c44b8cffcb4f8bc0aa30951b04af8f5d931f37f816819983d303a5a18b602b5427c2a00d2ed7f84d73b1212
SSDEEP

96:ZSv4mQMKh9ctgCVRKR87nKymV44zZjwtqnAOyqy3qAOAPJc0g+:rmQMKsnK27nKfzzRwMnADHaAOAxc0g+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2020	kbswl.exe

Loads dropped DLL 2 IoCs

pid	Process
1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe
1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2020	1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe	27
PID 1980 wrote to memory of 2020	1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe	27
PID 1980 wrote to memory of 2020	1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe	27
PID 1980 wrote to memory of 2020	1980	NEAS.bb69629a408e1f8ab1056a07d146c550.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.bb69629a408e1f8ab1056a07d146c550.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bb69629a408e1f8ab1056a07d146c550.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\kbswl.exe
  "C:\Users\Admin\AppData\Local\Temp\kbswl.exe"
  2⤵
  - Executes dropped EXE
  PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
5KB

MD5
57d44609a8c96eabfdd94fa1d5da91ba

SHA1
6f83c24df3ec37bf860f7ce9db9b59990b9fd87b

SHA256
4413c085d6527f3d9ee361522aa9b9dfc2170456464eac212b4efc23f1b6a2dc

SHA512
1664028f436dcc55a056f92eaef121006316f479460d3abae68eeabc2e0b09ee06ec3899a5b135da9e7506e96d8080f7dd34fd22e01d12cde029711084ccdc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
5KB

MD5
57d44609a8c96eabfdd94fa1d5da91ba

SHA1
6f83c24df3ec37bf860f7ce9db9b59990b9fd87b

SHA256
4413c085d6527f3d9ee361522aa9b9dfc2170456464eac212b4efc23f1b6a2dc

SHA512
1664028f436dcc55a056f92eaef121006316f479460d3abae68eeabc2e0b09ee06ec3899a5b135da9e7506e96d8080f7dd34fd22e01d12cde029711084ccdc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
5KB

MD5
57d44609a8c96eabfdd94fa1d5da91ba

SHA1
6f83c24df3ec37bf860f7ce9db9b59990b9fd87b

SHA256
4413c085d6527f3d9ee361522aa9b9dfc2170456464eac212b4efc23f1b6a2dc

SHA512
1664028f436dcc55a056f92eaef121006316f479460d3abae68eeabc2e0b09ee06ec3899a5b135da9e7506e96d8080f7dd34fd22e01d12cde029711084ccdc7f

Download Submit
\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
5KB

MD5
57d44609a8c96eabfdd94fa1d5da91ba

SHA1
6f83c24df3ec37bf860f7ce9db9b59990b9fd87b

SHA256
4413c085d6527f3d9ee361522aa9b9dfc2170456464eac212b4efc23f1b6a2dc

SHA512
1664028f436dcc55a056f92eaef121006316f479460d3abae68eeabc2e0b09ee06ec3899a5b135da9e7506e96d8080f7dd34fd22e01d12cde029711084ccdc7f

Download Submit
\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
5KB

MD5
57d44609a8c96eabfdd94fa1d5da91ba

SHA1
6f83c24df3ec37bf860f7ce9db9b59990b9fd87b

SHA256
4413c085d6527f3d9ee361522aa9b9dfc2170456464eac212b4efc23f1b6a2dc

SHA512
1664028f436dcc55a056f92eaef121006316f479460d3abae68eeabc2e0b09ee06ec3899a5b135da9e7506e96d8080f7dd34fd22e01d12cde029711084ccdc7f

Download Submit