ec00a06be0873cc6cd634521df8b98c270cee73f7fe27e0c8af99fa6fc30fdee

Analysis

max time kernel
168s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe
Size

70KB
MD5

d4527d5890cd52c81a1c4d8365aacd60
SHA1

3896da469f7fa84a16c2fb12c9902a49c06eea4b
SHA256

ec00a06be0873cc6cd634521df8b98c270cee73f7fe27e0c8af99fa6fc30fdee
SHA512

0ab87bf374896544f79d095192cea164c7f2ff2966ec0b5c423ffaf28ad554fb35d80831c02f871467ab3edfdefc0f45971089b433825f60eb37235a149e948b
SSDEEP

1536:WZFJTafg3hnfq4yyFB1iRT9bPKzvcOZ70AKgAr:2FGgRfqI8

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe

Executes dropped EXE 1 IoCs

pid	Process
4452	retro.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 4452	2680	NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe	88
PID 2680 wrote to memory of 4452	2680	NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe	88
PID 2680 wrote to memory of 4452	2680	NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d4527d5890cd52c81a1c4d8365aacd60.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Temp\retro.exe
  "C:\Users\Admin\AppData\Local\Temp\retro.exe"
  2⤵
  - Executes dropped EXE
  PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\retro.exe

Filesize
71KB

MD5
8e11a21dd6e2c5fe92ad0a1af0d69976

SHA1
5f1ab3525c0c7d019727ddde4eadbbbfbb2dd2c4

SHA256
a2ea4f35a39ce0281ac8c4465a937da844ef1fcd398cc5f6c5f5b5617dbc469f

SHA512
e67307225d4741b39727fcf2d68a4dadeb3388bfac320b946a3b92cbb515c94430b7b6fa8b27ce46506ddb2db7f9eb10c40bb00d7ff4615711b6c08b8248da36

Download Submit
C:\Users\Admin\AppData\Local\Temp\retro.exe

Filesize
71KB

MD5
8e11a21dd6e2c5fe92ad0a1af0d69976

SHA1
5f1ab3525c0c7d019727ddde4eadbbbfbb2dd2c4

SHA256
a2ea4f35a39ce0281ac8c4465a937da844ef1fcd398cc5f6c5f5b5617dbc469f

SHA512
e67307225d4741b39727fcf2d68a4dadeb3388bfac320b946a3b92cbb515c94430b7b6fa8b27ce46506ddb2db7f9eb10c40bb00d7ff4615711b6c08b8248da36

Download Submit
C:\Users\Admin\AppData\Local\Temp\retro.exe

Filesize
71KB

MD5
8e11a21dd6e2c5fe92ad0a1af0d69976

SHA1
5f1ab3525c0c7d019727ddde4eadbbbfbb2dd2c4

SHA256
a2ea4f35a39ce0281ac8c4465a937da844ef1fcd398cc5f6c5f5b5617dbc469f

SHA512
e67307225d4741b39727fcf2d68a4dadeb3388bfac320b946a3b92cbb515c94430b7b6fa8b27ce46506ddb2db7f9eb10c40bb00d7ff4615711b6c08b8248da36

Download Submit
memory/2680-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2680-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/2680-2-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/2680-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4452-21-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download
memory/4452-46-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download