Overview

overview

8

Static

static

3

NEAS.e3b65...b0.exe

windows7-x64

8

NEAS.e3b65...b0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    127s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.e3b65f490e6c5d463458d9bda288a5b0.exe

  • Size

    153KB

  • MD5

    e3b65f490e6c5d463458d9bda288a5b0

  • SHA1

    7bb43d329b39e8884b24d8ad95d9838973389446

  • SHA256

    5a961f487a4bd15fad7f758ba3cbd86191cdb8a826e76984fdc21241899efdaa

  • SHA512

    6655ca1ad8889f4dea582f6848962945cf6a27a816bf46f3361b74deb7ba055ca40aba44ed42e9f409acf00353bdf3159d460c926c3e68cae451a0d95c4120d5

  • SSDEEP

    3072:62n7CoWd07esc3BUEgiahMdnZylqQFB07+naL:fCoWd0kSEgiiAZc1B07aaL

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e3b65f490e6c5d463458d9bda288a5b0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e3b65f490e6c5d463458d9bda288a5b0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2656
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {D8360EF2-A5E6-49B0-82BB-98B8D1D543A8} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\PROGRA~3\Mozilla\yzgwzlh.exe
      C:\PROGRA~3\Mozilla\yzgwzlh.exe -chuvxnb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    153KB

    MD5

    1df5066cb48a5f95c60484dd5556fd18

    SHA1

    23d3cdb2630bd3adcdbd66dc5a660d1b92008167

    SHA256

    f81290b1488186609b1c3a5dc24e5dc0c85c7575937fecd9b90b57983ae44453

    SHA512

    83b33ddbfa37672b87f46735ec749626adb54520a1f8b810667086737e73c497bb54aa159d48aa3e278e7e1ea73805991ea300397c6c9e05d52ddcac68d3c5a5

    Download Submit

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    153KB

    MD5

    1df5066cb48a5f95c60484dd5556fd18

    SHA1

    23d3cdb2630bd3adcdbd66dc5a660d1b92008167

    SHA256

    f81290b1488186609b1c3a5dc24e5dc0c85c7575937fecd9b90b57983ae44453

    SHA512

    83b33ddbfa37672b87f46735ec749626adb54520a1f8b810667086737e73c497bb54aa159d48aa3e278e7e1ea73805991ea300397c6c9e05d52ddcac68d3c5a5

    Download Submit

  • memory/2656-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2656-1-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2656-2-0x0000000000160000-0x00000000001BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2656-7-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2676-20-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2676-21-0x0000000000310000-0x000000000036B000-memory.dmp

    Filesize

    364KB

    Download