16b93aec22514199b97ffbed64b34088eeef46e129e58a82cfaa114526168aaa

Analysis

max time kernel
151s
max time network
158s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe
Size

82KB
MD5

24fe7f859398578b37ed5d3f2bc8d400
SHA1

435163efba767afaf5ab10ce7eeaf82a7e97e661
SHA256

16b93aec22514199b97ffbed64b34088eeef46e129e58a82cfaa114526168aaa
SHA512

989fb9f8276ee59ec2b410d40cb9c42ae200bf0099cce5eb714a89bf2515c817354f796a4c8268adba212e558e77f971bb5718f03d66bb7a063c0bee5e2bf465
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRXrZSUfFKazNclMjNUvF:i5nkFGMOtEvwDpjNbwQEI8UtzNcO8F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2076	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2076	1740	NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe	28
PID 1740 wrote to memory of 2076	1740	NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe	28
PID 1740 wrote to memory of 2076	1740	NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe	28
PID 1740 wrote to memory of 2076	1740	NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.24fe7f859398578b37ed5d3f2bc8d400.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
83KB

MD5
9c360adbe0f10814bac327788cc8488a

SHA1
1953634dfad9d4868980ba7120f3be34f8d31ada

SHA256
06afb356e1e3900d69fcc32dc3a7290669ad0f1d4cf6505f248677328c29f74c

SHA512
79293d8a0669f6ae1f9ef2d2cc3e7927033b0bc1bd8851e70a15d3055c307e26eaabc84d8c089c621200290d0f8cc98c0958b666c14d0bcfe3f7edcf465eb5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
83KB

MD5
9c360adbe0f10814bac327788cc8488a

SHA1
1953634dfad9d4868980ba7120f3be34f8d31ada

SHA256
06afb356e1e3900d69fcc32dc3a7290669ad0f1d4cf6505f248677328c29f74c

SHA512
79293d8a0669f6ae1f9ef2d2cc3e7927033b0bc1bd8851e70a15d3055c307e26eaabc84d8c089c621200290d0f8cc98c0958b666c14d0bcfe3f7edcf465eb5a6

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
83KB

MD5
9c360adbe0f10814bac327788cc8488a

SHA1
1953634dfad9d4868980ba7120f3be34f8d31ada

SHA256
06afb356e1e3900d69fcc32dc3a7290669ad0f1d4cf6505f248677328c29f74c

SHA512
79293d8a0669f6ae1f9ef2d2cc3e7927033b0bc1bd8851e70a15d3055c307e26eaabc84d8c089c621200290d0f8cc98c0958b666c14d0bcfe3f7edcf465eb5a6

Download Submit
memory/1740-3-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/1740-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1740-14-0x0000000002800000-0x000000000280F000-memory.dmp

Filesize
60KB

Download
memory/1740-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1740-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1740-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2076-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2076-20-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2076-19-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2076-27-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download