Overview

overview

7

Static

static

3

NEAS.66eec...20.exe

windows7-x64

7

NEAS.66eec...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    222s
  • max time network
    261s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 17:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.66eec6285e765b9aba9b9af85efc9420.exe

  • Size

    50KB

  • MD5

    66eec6285e765b9aba9b9af85efc9420

  • SHA1

    c2896fcf4df26fabd8682fa9f440808b4a8e2175

  • SHA256

    31591aa01cfaa785251d16618f98fca6e6ba1dced29fe46d18f6fba2268d568f

  • SHA512

    11a09c97b429e103bceed12ff169ee77361493fd402c164d0b594b746c2b7ba13c05d93fb79d2e25c06c5a9ef349fdce1d9518441b8f61d876ecac23eb9757dc

  • SSDEEP

    768:9Y8ZGkv7+1VV+om9CKfi7tJ/4BKh1bmewNATCRZip+r:6eGkv7+1W9CKfi7tJ/4wHBHORZip+r

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.66eec6285e765b9aba9b9af85efc9420.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.66eec6285e765b9aba9b9af85efc9420.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\dittunu.exe
      C:\Users\Admin\AppData\Local\Temp\dittunu.exe
      2⤵
      • Executes dropped EXE
      PID:4732

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\dittunu.exe
          Filesize

          50KB

          MD5

          78e3020d5f6968b31b95d13b9064e8f5

          SHA1

          31af801ff5f0762588ea6fb21731c37e85a88c58

          SHA256

          e6eecbc3e453c253b594cc2b242b7e6f56101729d0e6c7ba79b0a09dd1a66b75

          SHA512

          dc8720152e2557bb9ee7dbdcb1cb331b12c9f1d633740014142d15233ad417dd80aaf5f4578bdfbc8424b8a842ed4070bff11a0bd1d2c52c098c39414fac321a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dittunu.exe
          Filesize

          50KB

          MD5

          78e3020d5f6968b31b95d13b9064e8f5

          SHA1

          31af801ff5f0762588ea6fb21731c37e85a88c58

          SHA256

          e6eecbc3e453c253b594cc2b242b7e6f56101729d0e6c7ba79b0a09dd1a66b75

          SHA512

          dc8720152e2557bb9ee7dbdcb1cb331b12c9f1d633740014142d15233ad417dd80aaf5f4578bdfbc8424b8a842ed4070bff11a0bd1d2c52c098c39414fac321a

          Download Submit

        • memory/1780-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4732-5-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download