Overview

overview

7

Static

static

3

NEAS.ce576...60.exe

windows7-x64

7

NEAS.ce576...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.ce576795ef6478aa6add733fdb925d60.exe

  • Size

    224KB

  • MD5

    ce576795ef6478aa6add733fdb925d60

  • SHA1

    585881455817d6260793b2803b475eaeba1f23d4

  • SHA256

    ff501f5daa8c31b10c2b1a5636e4637bff953fe251e46c9faf69f954f37c3fc4

  • SHA512

    c01ac9fb788ca6bfb9a52f8c02ecdeb4d93430733c9f63078c4fa1b08e468daa214e330f708c0c56e93dc08708b797bddb831a9b8ef7d120589b7fb01b5ac068

  • SSDEEP

    3072:9QzU45cLm5YJx4+pOm00vg/g+u6cWN1BfC3CxcPhQYZ:9Qg45cLmiJTV00hS1QscPN

Score
7/10
miner

Malware Config

Signatures

  • Cryptocurrency Miner

    Makes network request to known mining pool URL.

    miner
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ce576795ef6478aa6add733fdb925d60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ce576795ef6478aa6add733fdb925d60.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\.Trash-100\ActivateDesktop.exe
      C:\.Trash-100\ActivateDesktop.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    224KB

    MD5

    85704e46014d2702c7f77ade3f39cca7

    SHA1

    aa314a01b56cf8c3be552c4cb8e583d9ed5cda60

    SHA256

    67c41d4be67b07de4ad970fb4cf80e9f2ed4908b6f56e162180094971ac83d60

    SHA512

    de009f6ec6015d4774f59a2d05d51093a172519aab49becc949766f9c4913531dfdf57925cbe8855f644f4af85e21e55d2149b7b5b4ec2172e8b26de690f3c78

    Download Submit

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    224KB

    MD5

    85704e46014d2702c7f77ade3f39cca7

    SHA1

    aa314a01b56cf8c3be552c4cb8e583d9ed5cda60

    SHA256

    67c41d4be67b07de4ad970fb4cf80e9f2ed4908b6f56e162180094971ac83d60

    SHA512

    de009f6ec6015d4774f59a2d05d51093a172519aab49becc949766f9c4913531dfdf57925cbe8855f644f4af85e21e55d2149b7b5b4ec2172e8b26de690f3c78

    Download Submit

  • C:\.Trash-100\db\framework_exe
    Filesize

    19B

    MD5

    665009c6d258a06e710ff8c7810f4697

    SHA1

    abf7abc9bae75e5323a12b1d58336dfe0fd58e22

    SHA256

    98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

    SHA512

    a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

    Download Submit

  • C:\.Trash-100\db\version
    Filesize

    4B

    MD5

    c0f82517af0829daac3a6cf82e9ecc1e

    SHA1

    99621fe7e9f6c2aee4dc5fd804ef346b774689ca

    SHA256

    22fe047777c4d00ccf83263aeb1b449ffbd3a3bce283d0caeaac0c97276ae940

    SHA512

    7211cc7e7df1e21ad5f7b458b502268edac586b2daf94110322b6e04c62f6966fd68bd2d0201906c2483e90ad904c48821cbee8b722218675d4caa79292e641a

    Download Submit