Overview

overview

8

Static

static

7

NEAS.80cc7...20.exe

windows7-x64

8

NEAS.80cc7...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.80cc7d12773e555aedb47d9041317b20.exe

  • Size

    365KB

  • MD5

    80cc7d12773e555aedb47d9041317b20

  • SHA1

    7f96ef384e1aedd25676b37c60188c6e3c47a4aa

  • SHA256

    5dc4c5808ceb622d7a978d2cd41fe6981686e3e509116be06ecbd8bb76aad659

  • SHA512

    f1a77a278f9b92871017118db580719b866e563992a0b2f6fff3aabcd8f606af47843e3fcaef89cb9000013b44b5b0baadbd51ca2656f87cfe4e625f59493d7b

  • SSDEEP

    3072:R4wsgTsDAJJRjONJQcwAOwzy8f1StC4SZmGTLFZhh2D+0caj3kyRACE2d:R4wNJJOJflpd46ZLn9ozE2d

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.80cc7d12773e555aedb47d9041317b20.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.80cc7d12773e555aedb47d9041317b20.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2228
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {50BC4F54-AB11-4850-B41C-A7A0CB6C2A32} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\PROGRA~3\Mozilla\znwkgzk.exe
      C:\PROGRA~3\Mozilla\znwkgzk.exe -nfwatvg
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\znwkgzk.exe
    Filesize

    365KB

    MD5

    bc06a3475f7615622e86460d96785d89

    SHA1

    99846b197c07e4b9fbd09d53861cc368601894cc

    SHA256

    6b8b50fa93d56bb6e1a6b6d65b84177855f8fadb1394b47321f645c27f5458ce

    SHA512

    309d4eaf2d0d00575be9b3d257b70f413dbd73634708684ec5838516f1b1762d8070205a07085141dc1a0193e0398d372f2768aaf00149a4d94f74b9e89b9398

    Download Submit

  • C:\PROGRA~3\Mozilla\znwkgzk.exe
    Filesize

    365KB

    MD5

    bc06a3475f7615622e86460d96785d89

    SHA1

    99846b197c07e4b9fbd09d53861cc368601894cc

    SHA256

    6b8b50fa93d56bb6e1a6b6d65b84177855f8fadb1394b47321f645c27f5458ce

    SHA512

    309d4eaf2d0d00575be9b3d257b70f413dbd73634708684ec5838516f1b1762d8070205a07085141dc1a0193e0398d372f2768aaf00149a4d94f74b9e89b9398

    Download Submit

  • memory/2228-0-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2228-1-0x00000000002A0000-0x00000000002FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-5-0x00000000002A0000-0x00000000002FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2412-8-0x0000000000520000-0x000000000057B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2412-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2412-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2412-12-0x0000000000520000-0x000000000057B000-memory.dmp

    Filesize

    364KB

    Download