0e609e7d63904549fca52707c4ce637fe3e3b94dbd2c674106f285ddbc5095d0

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.56519e12e48739165f2943a8f1d4e520.exe
Size

1.6MB
MD5

56519e12e48739165f2943a8f1d4e520
SHA1

555ad4a6344ae7f073049f955ec86320c467cfc7
SHA256

0e609e7d63904549fca52707c4ce637fe3e3b94dbd2c674106f285ddbc5095d0
SHA512

72dce84408651c9b7cd4c05a298a6bea4dbd30370c5020de459c258894f244a13ee29b7d637279a3ac1249ed4d31f44b48f0df2dbfc6efa21b7cbe92b63eb3f3
SSDEEP

24576:Ik6KMvfx2I5uSOKzEd8BCi7srLmq1oLgQ8Oo2wjGVptsPi76yErjQDxkjF94GB4z:IkObDBCigfK7ZbwjWptmF/QDxKP3vy26

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4700	GLBCDC0.tmp

Loads dropped DLL 5 IoCs

pid	Process
4700	GLBCDC0.tmp
4700	GLBCDC0.tmp
4700	GLBCDC0.tmp
4700	GLBCDC0.tmp
4700	GLBCDC0.tmp

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	GLBCDC0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4700	3812	NEAS.56519e12e48739165f2943a8f1d4e520.exe	82
PID 3812 wrote to memory of 4700	3812	NEAS.56519e12e48739165f2943a8f1d4e520.exe	82
PID 3812 wrote to memory of 4700	3812	NEAS.56519e12e48739165f2943a8f1d4e520.exe	82

C:\Users\Admin\AppData\Local\Temp\NEAS.56519e12e48739165f2943a8f1d4e520.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.56519e12e48739165f2943a8f1d4e520.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Users\Admin\AppData\Local\Temp\GLBCDC0.tmp
  C:\Users\Admin\AppData\Local\Temp\GLBCDC0.tmp 4736 C:\Users\Admin\AppData\Local\Temp\NEAS56~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLBCDC0.tmp

Filesize
70KB

MD5
84b893176ba640350df7540fbee2dc07

SHA1
de16a169b1cfe410a5e99e0e827d06b5ec324192

SHA256
dd31751323b91e18f0520922b2aa3dc13095ecfecd78e1dc852c2d4a617f43bd

SHA512
b979fd4a290921fc325495a8b7f12d099d3ab4d813482ea90e4379191fa03237b07f6a13b891081bc2e1dacd492296a2e0f8736548613d379a1fc915e136c3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLBCDC0.tmp

Filesize
70KB

MD5
84b893176ba640350df7540fbee2dc07

SHA1
de16a169b1cfe410a5e99e0e827d06b5ec324192

SHA256
dd31751323b91e18f0520922b2aa3dc13095ecfecd78e1dc852c2d4a617f43bd

SHA512
b979fd4a290921fc325495a8b7f12d099d3ab4d813482ea90e4379191fa03237b07f6a13b891081bc2e1dacd492296a2e0f8736548613d379a1fc915e136c3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLCD34E.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLFE5B1.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLFE5B1.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLFE5B1.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLFE5B1.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLFE5B1.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads