Overview

overview

7

Static

static

3

NEAS.b89a7...00.exe

windows7-x64

7

NEAS.b89a7...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 19:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe

  • Size

    465KB

  • MD5

    b89a7a5080078f28a4cfc738e5a9d200

  • SHA1

    164ef784b11234838cf39dce9c68a9846bc9d90b

  • SHA256

    491df8b52e873a82567451662d855c7333d3ffc0d1f44a63b4731cbecee57680

  • SHA512

    0f4c6f4a1c84861dbe3b50d64b83d44b6d65d9fcfa50690f9aef16ed7ce70e6e06639e16b3cd2d9954c574d438049677f7d2203365d2207547b129270744e39a

  • SSDEEP

    12288:Bb4bZudi79LWb5IPH8ol5KIqaKJtKytr7tA:Bb4bcdkLs2Hn0ImKytr7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\AppData\Local\Temp\82B.tmp
      "C:\Users\Admin\AppData\Local\Temp\82B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe 7589803E0B1FF2349B9EE16475D4F7C06947A90D0CC7B8C967619BFEB2D0B3E73BC7E0F99CE1E78C18C84ECD86D783C08E165455C466D4FD3E19E6A3D28CCB3F
      2⤵
      • Executes dropped EXE
      PID:2796

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\82B.tmp
          Filesize

          465KB

          MD5

          de5b06a620c545e54feff85094dabf15

          SHA1

          cf21b26fb9b4ddc161c92f4a07f1b02ca49524da

          SHA256

          c67bad248f65ee7b342726b9ce458f0a67e35d5e82cc847559b70a7ffb6a56c0

          SHA512

          a8b2b0353412c7e07a0dcb242493cf21f7e0c84b8c9163f29bc39a4478de20d04c8b5b4ddc0089f812484f9cdcd1c45ad0a1804a2dbcecf8c9fa941320113a64

          Download Submit

        • \Users\Admin\AppData\Local\Temp\82B.tmp
          Filesize

          465KB

          MD5

          de5b06a620c545e54feff85094dabf15

          SHA1

          cf21b26fb9b4ddc161c92f4a07f1b02ca49524da

          SHA256

          c67bad248f65ee7b342726b9ce458f0a67e35d5e82cc847559b70a7ffb6a56c0

          SHA512

          a8b2b0353412c7e07a0dcb242493cf21f7e0c84b8c9163f29bc39a4478de20d04c8b5b4ddc0089f812484f9cdcd1c45ad0a1804a2dbcecf8c9fa941320113a64

          Download Submit