be4273f88884637ec42f985619dcb9fc1e8500e92b3741dc31878884e2b455fb

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 19:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe
Size

113KB
MD5

b4c82dcec81848a47b64a95f9a9b9d00
SHA1

834470a89e12e0b9312094b9254a2f0fea075a3b
SHA256

be4273f88884637ec42f985619dcb9fc1e8500e92b3741dc31878884e2b455fb
SHA512

1333fd9c08d007c372a45247db1f9ea0d3c8d110c2dc1b9ec669d78b99ffbe2cc7734aadafb1b5f402edeb5ed38f0d46ec5e5176429663c3fbcf19ec30a3aa87
SSDEEP

768:c1XfjCHM5KCI/LRPWO+ybg+wRla70FTZ/zHFoCytOMR/o:KXGs5KCgRuTagj53ytbR/o

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2540	cmd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Windows\CurrentVersion\Run\stubpath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\apple.exe"	NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2540	2796	NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe	29
PID 2796 wrote to memory of 2540	2796	NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe	29
PID 2796 wrote to memory of 2540	2796	NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe	29
PID 2796 wrote to memory of 2540	2796	NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b4c82dcec81848a47b64a95f9a9b9d00.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\1.bat
  2⤵
  - Deletes itself
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
133B

MD5
5d630007f0a22f7a88e4c1fa934dd4a7

SHA1
b921ef86c4ffdb41aa13903d55351462a7bf9c3c

SHA256
25748da2aa65d55ad958a1c0cac942bc99324a20c949f9aeb8d83aeb953782dd

SHA512
e86374c160fc3bed1ece20083fe890d14f3c287661c50bdaf4e27f642758be7de2376d80b5e74ec4fbb25657f4dd22b9fbbd2c492d84d31e2677fe988603ca6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
133B

MD5
5d630007f0a22f7a88e4c1fa934dd4a7

SHA1
b921ef86c4ffdb41aa13903d55351462a7bf9c3c

SHA256
25748da2aa65d55ad958a1c0cac942bc99324a20c949f9aeb8d83aeb953782dd

SHA512
e86374c160fc3bed1ece20083fe890d14f3c287661c50bdaf4e27f642758be7de2376d80b5e74ec4fbb25657f4dd22b9fbbd2c492d84d31e2677fe988603ca6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads