c8797f165cc6cb443ba45c6a0fc4fde9eba6f9bb5e141bb8632334ca98d50d4c

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe
Size

60KB
MD5

a782b1a3c2a2c28ade8854c988ebd320
SHA1

0bb4261cfb712c8cabb8c6be1b67ab87ee1e4f42
SHA256

c8797f165cc6cb443ba45c6a0fc4fde9eba6f9bb5e141bb8632334ca98d50d4c
SHA512

e47fc4eede10d6d785a90bd1a287f77299c17bf48c95451a96c58da4990ffe09e58d9fbc3669ce3cc6c81cbd74e21282a125c488c62731f59a50bb111b479747
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0oj670z:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2176	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe
2176	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2176	2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe	28
PID 2204 wrote to memory of 2176	2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe	28
PID 2204 wrote to memory of 2176	2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe	28
PID 2204 wrote to memory of 2176	2204	NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a782b1a3c2a2c28ade8854c988ebd320.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
60KB

MD5
260d3107d0970af44fd257aa749b8188

SHA1
ab1b854753df9bca8d26b0893ffb311a4d3ff2e2

SHA256
ad362a9da6019d4bfa31fcfa43d3a7a823f3b8642f6d7bd410b3f590a596bdf1

SHA512
7a7d9bb4258f4bc1a164635ba2d59d0a7c8681358e1d66c58056678ddc01d58af08ea30c33d64e081f0cdc4c60a26b762a45c228417e8678f0fff72f14c620a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
60KB

MD5
260d3107d0970af44fd257aa749b8188

SHA1
ab1b854753df9bca8d26b0893ffb311a4d3ff2e2

SHA256
ad362a9da6019d4bfa31fcfa43d3a7a823f3b8642f6d7bd410b3f590a596bdf1

SHA512
7a7d9bb4258f4bc1a164635ba2d59d0a7c8681358e1d66c58056678ddc01d58af08ea30c33d64e081f0cdc4c60a26b762a45c228417e8678f0fff72f14c620a6

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
60KB

MD5
260d3107d0970af44fd257aa749b8188

SHA1
ab1b854753df9bca8d26b0893ffb311a4d3ff2e2

SHA256
ad362a9da6019d4bfa31fcfa43d3a7a823f3b8642f6d7bd410b3f590a596bdf1

SHA512
7a7d9bb4258f4bc1a164635ba2d59d0a7c8681358e1d66c58056678ddc01d58af08ea30c33d64e081f0cdc4c60a26b762a45c228417e8678f0fff72f14c620a6

Download Submit
memory/2176-17-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2204-0-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2204-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2204-2-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download