Analysis

  • max time kernel
    120s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-10-2023 19:09

General

  • Target

    NEAS.b4fecd7c6030c9ff2b339c4e9c43c350.exe

  • Size

    76KB

  • MD5

    b4fecd7c6030c9ff2b339c4e9c43c350

  • SHA1

    eaa782db84b6c3f4cda05d3ea6027effb7fccc7a

  • SHA256

    6f768b87411c812191735e1e57fc8a2a153f1cb3fbff909cf5e96ce445afd0e0

  • SHA512

    53921852ce4d3e421d425f90e84bd48b0295f4da5bb22f345745c454d15f43c70233ebe0302022a156358284ffd7cf67fcc4541378dc77abc8b169de9e07584b

  • SSDEEP

    1536:Fc897EsWjcd9w+AyabjDbxE+MwmvlDuazTME:ZxpAyazIlyazTME

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b4fecd7c6030c9ff2b339c4e9c43c350.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b4fecd7c6030c9ff2b339c4e9c43c350.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wep30YsuvfUDOjm.exe

    Filesize

    76KB

    MD5

    648cff5df40e4651b57fd311d1d5e877

    SHA1

    ed60fa13ec37eb964632d00f942c7e8a0e320184

    SHA256

    181cd4c9114384836e1e99c79c9d26aa4b6d429070ce70b1c716f0d13c6637be

    SHA512

    45f43f2262d60909fbd4d2aa113aadd003a217ae583ec71d6e448510b0f592ce96823f75ecb98e854440b3587b03761a328d25415fe2d901f10df59eab137dc2

  • C:\Windows\CTS.exe

    Filesize

    71KB

    MD5

    f53a5c9ca2e3837485afaba90a4cd7e2

    SHA1

    5b02231c979d9af0990294094113aca1de3fb8b4

    SHA256

    479450abbbb7bded1c00cceb20497fc90f6156325b86401505b50739075a63ba

    SHA512

    4c0c8ec807e458f5fe9407796307d43ae109047a133d08ef3ce86b726646749dcce6802a85a9a3186c9837afd1e8b0d040f74d6034865a1e2a62f28c4e8e3c78
