Overview

overview

8

Static

static

3

NEAS.68562...70.exe

windows7-x64

8

NEAS.68562...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6856213383478f6eb87a5870ccb16770.exe

  • Size

    228KB

  • MD5

    6856213383478f6eb87a5870ccb16770

  • SHA1

    36171c6eebceacc7869be3f28eb3733418e89ea0

  • SHA256

    4fc3845ed40811ea83668c46f66054618bf97ba6f48684ff51a78abb7e759269

  • SHA512

    342ac51e7fba40e08f5b5f473b03ec7171c53d74c3fd678ca1c3cd34e95e3c4101ccc9a17cdbea17055bcb5a7c62821b2d9fbfadab81a46fa903c9bacf6e8bda

  • SSDEEP

    3072:URtnaxdjv3SoCrKdKUUTNHY5Snf8TvHTxK3STrOdHa5S2jbxWGqJs8:dj8rKdKUUhHYE0T7ciXOdHa5SbGqJj

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6856213383478f6eb87a5870ccb16770.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6856213383478f6eb87a5870ccb16770.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2712
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {C1F13003-591F-40E0-8B11-649B486546EF} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\PROGRA~3\Mozilla\yzgwzlh.exe
      C:\PROGRA~3\Mozilla\yzgwzlh.exe -chuvxnb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    228KB

    MD5

    6250030955dec3666bd89fb01520f17d

    SHA1

    c54884bf37c5689460da471059f1733795665821

    SHA256

    f8bc7408993aa319c92952658e62913570757142911eec60d4179384c4601e09

    SHA512

    f5246670c69129afc275be6a31111b320452fb7f8b0dd2c60a8b07630d7aa6122d5a459a383994abe013ae14c879d376db70aec15e06b243bc3d1b18ccc39859

    Download Submit

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    228KB

    MD5

    6250030955dec3666bd89fb01520f17d

    SHA1

    c54884bf37c5689460da471059f1733795665821

    SHA256

    f8bc7408993aa319c92952658e62913570757142911eec60d4179384c4601e09

    SHA512

    f5246670c69129afc275be6a31111b320452fb7f8b0dd2c60a8b07630d7aa6122d5a459a383994abe013ae14c879d376db70aec15e06b243bc3d1b18ccc39859

    Download Submit

  • memory/2704-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2704-9-0x0000000000460000-0x00000000004BC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2704-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2704-13-0x0000000000460000-0x00000000004BC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2712-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2712-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2712-1-0x0000000000330000-0x000000000038C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2712-4-0x0000000000330000-0x000000000038C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2712-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2712-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download