44c8d7bad3a29c554e47afd2a11d34266d5fd6aed805e7d3d7d3bbb065805e5e

Analysis

max time kernel
144s
max time network
154s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:44

Target

NEAS.dab62427ae3089d96fd293916042c7d0.exe
Size

62KB
MD5

dab62427ae3089d96fd293916042c7d0
SHA1

586fcd0e1b2fd17f8bd07d1b91d3071c0e0d607e
SHA256

44c8d7bad3a29c554e47afd2a11d34266d5fd6aed805e7d3d7d3bbb065805e5e
SHA512

51bf2b22ce260da835d09e1dc6de9d34a743eb0a41b05517bccad901b2391b5206d90b7d9d0e319f46dc0d418f4c1b25618378f1078eff5086b6770864437f3d
SSDEEP

1536:0M6478/JKvXnLI0Cu9VwH5pFrwL2hrvZaiLi3D9zS/n:tV7IJKfku9CH5weh

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	ekrakdeep.exe

Loads dropped DLL 1 IoCs

pid	Process
1928	NEAS.dab62427ae3089d96fd293916042c7d0.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	checkip.dyndns.org

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2600	1928	NEAS.dab62427ae3089d96fd293916042c7d0.exe	28
PID 1928 wrote to memory of 2600	1928	NEAS.dab62427ae3089d96fd293916042c7d0.exe	28
PID 1928 wrote to memory of 2600	1928	NEAS.dab62427ae3089d96fd293916042c7d0.exe	28
PID 1928 wrote to memory of 2600	1928	NEAS.dab62427ae3089d96fd293916042c7d0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.dab62427ae3089d96fd293916042c7d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.dab62427ae3089d96fd293916042c7d0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
  C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
  2⤵
  - Executes dropped EXE
  PID:2600

C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

Filesize
62KB

MD5
667a130d84dffd85fa6bb8bbbea877a5

SHA1
9e115e0a91aadbdd9e6aad0518605878e8e2a8e5

SHA256
c2d71e959b20df1f2ecd2ab0be92f661be4d77f476aa337091f7b278ee452f29

SHA512
15d17bfed1febb034ee39f7012cff4fbf64793dc2c8bc84e037a4b4645c145c192c16cfc875ff3fc73d35c68ac186bada68b161bc881f5c69bfcdc70f7752306

Download Submit
C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

Filesize
62KB

MD5
667a130d84dffd85fa6bb8bbbea877a5

SHA1
9e115e0a91aadbdd9e6aad0518605878e8e2a8e5

SHA256
c2d71e959b20df1f2ecd2ab0be92f661be4d77f476aa337091f7b278ee452f29

SHA512
15d17bfed1febb034ee39f7012cff4fbf64793dc2c8bc84e037a4b4645c145c192c16cfc875ff3fc73d35c68ac186bada68b161bc881f5c69bfcdc70f7752306

Download Submit
\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

Filesize
62KB

MD5
667a130d84dffd85fa6bb8bbbea877a5

SHA1
9e115e0a91aadbdd9e6aad0518605878e8e2a8e5

SHA256
c2d71e959b20df1f2ecd2ab0be92f661be4d77f476aa337091f7b278ee452f29

SHA512
15d17bfed1febb034ee39f7012cff4fbf64793dc2c8bc84e037a4b4645c145c192c16cfc875ff3fc73d35c68ac186bada68b161bc881f5c69bfcdc70f7752306

Download Submit
memory/1928-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2600-6-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/2600-7-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2600-9-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download