Overview

overview

7

Static

static

3

NEAS.9fb61...a0.exe

windows7-x64

7

NEAS.9fb61...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.9fb61031d5668495a1eef6a7ae74b4a0.exe

  • Size

    111KB

  • MD5

    9fb61031d5668495a1eef6a7ae74b4a0

  • SHA1

    a6d886f86da2ea86aa7acfb5dd9470d3862e3fb2

  • SHA256

    1b5fa19be9b4e4a48f5d1fc7b6042572ee34e5300985aca1112dfc75268dd897

  • SHA512

    6457556c91af8f50c0f852338b06822faffd542e12a8b55e664e57b4499d6e2d80237fc29c5bb0e8b1a6cf50e98da448a90d81233d5a783fbc36aa92a10db5aa

  • SSDEEP

    3072:mvz05zKu6jOKuNKEuWKDhm5mlXwWRfemB3GikaVrrQ1IPnHFIb:Jyhm5m9RoiXVr01IP0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9fb61031d5668495a1eef6a7ae74b4a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9fb61031d5668495a1eef6a7ae74b4a0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ngp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:1328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Ngp..bat
    Filesize

    220B

    MD5

    7e8729e623b685db0432eb4982d5114f

    SHA1

    54e114a357597ef380162553a970f0298ffaf916

    SHA256

    de7c8c4d75144b88fe501e5750e4c943c29e3306453625c46fda545ca2d26b99

    SHA512

    c0540eb8219f83393b532f00aa5eac504469201550cb719999e85abdc10e2081ec05bb56ab8cbd02be94d3d2b397abcdccbde3eff2d162cee9d746cc57e179ba

    Download Submit

  • memory/2076-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2076-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2076-2-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2076-3-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2076-4-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2076-5-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2076-7-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download