Overview

overview

8

Static

static

3

NEAS.7ea63...c0.exe

windows7-x64

8

NEAS.7ea63...c0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7ea63706ada34073d2dc66f5d8eb99c0.exe

  • Size

    307KB

  • MD5

    7ea63706ada34073d2dc66f5d8eb99c0

  • SHA1

    fa401431bbe6ea333dd277046bfef547aee0016e

  • SHA256

    717ebc7bebc0a52977e2f342fda95c6fbacfd327f8f0b0e422e504d2fde5812b

  • SHA512

    fbbc02b7ed630ac06cd78b5c75d85b20bef96c80c3aa890d86fca35d819563b6d9f54f6a58608f3ed958ff413d80aee70d5ea1cb55b8153deabb21e8ec264afc

  • SSDEEP

    6144:XqcK2wLXmovh8VjHOvEtvTZagN79zielmkj/5CIZbqQgx2Mxa:zK2wqiKHjZaIQJkjwIZzc2M4

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7ea63706ada34073d2dc66f5d8eb99c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7ea63706ada34073d2dc66f5d8eb99c0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1936
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {D2C04975-B8DB-4B32-9900-5A97A9CF75B2} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\PROGRA~3\Mozilla\xvqykzi.exe
      C:\PROGRA~3\Mozilla\xvqykzi.exe -tkarfve
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\xvqykzi.exe
    Filesize

    307KB

    MD5

    be13721b84461f2a3aa493029b5a9a47

    SHA1

    5f53736846d7343bda4f440a60f751a1bb84838e

    SHA256

    ac2e3053646accb0fbfc75199694681ecc7874073a96ce6724872d7734d7a090

    SHA512

    bb5db15631b0f8512eee61e9a182de5c7675a63199e2ea49f5311e961e606caa69d3c794e98a103e7accaed92ce8a1eec42d9048b299fa5077f1b00c2202a2ce

    Download Submit

  • C:\PROGRA~3\Mozilla\xvqykzi.exe
    Filesize

    307KB

    MD5

    be13721b84461f2a3aa493029b5a9a47

    SHA1

    5f53736846d7343bda4f440a60f751a1bb84838e

    SHA256

    ac2e3053646accb0fbfc75199694681ecc7874073a96ce6724872d7734d7a090

    SHA512

    bb5db15631b0f8512eee61e9a182de5c7675a63199e2ea49f5311e961e606caa69d3c794e98a103e7accaed92ce8a1eec42d9048b299fa5077f1b00c2202a2ce

    Download Submit

  • memory/1264-11-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1264-12-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1936-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1936-1-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1936-7-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download