Overview

overview

7

Static

static

3

NEAS.8c0a9...70.exe

windows7-x64

7

NEAS.8c0a9...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.8c0a953f6984dc55f7fdda4dc6770870.exe

  • Size

    48KB

  • MD5

    8c0a953f6984dc55f7fdda4dc6770870

  • SHA1

    2f74e89b652ebb65f921107383bc38b39fd6640e

  • SHA256

    1a8621ebf207c96d46c6c4693303019702dc6b5c48da9fc920f0648fb2c0700f

  • SHA512

    d448528940f67a19974438ab02dde9a814ac823990f84949a8a337bad061e81f4a7b874b1fa665a73583c4765bcd87e1569bf73a4bcf2214580fe50ee188e7dd

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9X2:bIDOw9a0DwitDZzc2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.8c0a953f6984dc55f7fdda4dc6770870.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8c0a953f6984dc55f7fdda4dc6770870.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    d00185db0258eba068be294b73b5e017

    SHA1

    2f14e5baa1c204bd65c7162cdde89415f7074ab0

    SHA256

    02f3680b56a328c159a7e3a6c7546ba74104e30302a9a01fe08179b77f7453e4

    SHA512

    3eb62f5964317963e298a9face83484d43695bf6349878a8ff36036cd32dc4155d01520ffa6ea0d834e171dbc85de70806b8ee80b9d3b67682aba5b73cf00a91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    d00185db0258eba068be294b73b5e017

    SHA1

    2f14e5baa1c204bd65c7162cdde89415f7074ab0

    SHA256

    02f3680b56a328c159a7e3a6c7546ba74104e30302a9a01fe08179b77f7453e4

    SHA512

    3eb62f5964317963e298a9face83484d43695bf6349878a8ff36036cd32dc4155d01520ffa6ea0d834e171dbc85de70806b8ee80b9d3b67682aba5b73cf00a91

    Download Submit

  • \Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    d00185db0258eba068be294b73b5e017

    SHA1

    2f14e5baa1c204bd65c7162cdde89415f7074ab0

    SHA256

    02f3680b56a328c159a7e3a6c7546ba74104e30302a9a01fe08179b77f7453e4

    SHA512

    3eb62f5964317963e298a9face83484d43695bf6349878a8ff36036cd32dc4155d01520ffa6ea0d834e171dbc85de70806b8ee80b9d3b67682aba5b73cf00a91

    Download Submit

  • memory/2236-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2236-1-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2236-2-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download