Overview

overview

8

Static

static

3

NEAS.cc8b6...00.exe

windows7-x64

8

NEAS.cc8b6...00.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.cc8b61da2398af25291dec8c7902e700.exe

  • Size

    303KB

  • MD5

    cc8b61da2398af25291dec8c7902e700

  • SHA1

    908b5e922f78ed8ddc76db6d5b2f1d5e201c852f

  • SHA256

    ec0c269a6f073caf8e5c62dd39e8ff24012746baf7c00dfcb0be4312af927ca2

  • SHA512

    b10a3f748aa8a49cc921f4c520259d955e96eea0c0794659d4b4f3814135c9be5492f4144f427a790bf85df9023d2a74d338b4a8dd61437b21fa17ca888e74a8

  • SSDEEP

    6144:FuX1qoEd2v9B+kDHERyxENymABA4Rs/xN4QnQUkdn5RQxfbV:FwHBxDHEoxG0s/xMlxU7

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.cc8b61da2398af25291dec8c7902e700.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cc8b61da2398af25291dec8c7902e700.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2252
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {A23C221C-10AE-4A32-8739-03CA143301DD} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\PROGRA~3\Mozilla\eskchkd.exe
      C:\PROGRA~3\Mozilla\eskchkd.exe -srskkzl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\eskchkd.exe
    Filesize

    303KB

    MD5

    b8f2e0e9705b788b5691fc4be143c2c0

    SHA1

    88b93c9ebbf7aecbc5c4f384afdc0761f3b671df

    SHA256

    e527cdcbca5054bb190bd38d5e0cd0fbf3ddf64a1a7d701d0ce96404c23026e0

    SHA512

    0ccb0e1b0b7a55b51d4ae4c9ba4ba3cbd47ef913c39df5ffc1a7395ab7ac7be4d854e357cec49d5bdcfe09d4a03dbc7146aff1a73fd4b8636e83142fb6c8851a

    Download Submit

  • C:\PROGRA~3\Mozilla\eskchkd.exe
    Filesize

    303KB

    MD5

    b8f2e0e9705b788b5691fc4be143c2c0

    SHA1

    88b93c9ebbf7aecbc5c4f384afdc0761f3b671df

    SHA256

    e527cdcbca5054bb190bd38d5e0cd0fbf3ddf64a1a7d701d0ce96404c23026e0

    SHA512

    0ccb0e1b0b7a55b51d4ae4c9ba4ba3cbd47ef913c39df5ffc1a7395ab7ac7be4d854e357cec49d5bdcfe09d4a03dbc7146aff1a73fd4b8636e83142fb6c8851a

    Download Submit

  • memory/2252-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2252-1-0x0000000000370000-0x00000000003CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2252-7-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2544-13-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2544-14-0x00000000000F0000-0x000000000014B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2544-20-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download