Overview

overview

7

Static

static

3

NEAS.b89a7...00.exe

windows7-x64

7

NEAS.b89a7...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2023 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe

  • Size

    465KB

  • MD5

    b89a7a5080078f28a4cfc738e5a9d200

  • SHA1

    164ef784b11234838cf39dce9c68a9846bc9d90b

  • SHA256

    491df8b52e873a82567451662d855c7333d3ffc0d1f44a63b4731cbecee57680

  • SHA512

    0f4c6f4a1c84861dbe3b50d64b83d44b6d65d9fcfa50690f9aef16ed7ce70e6e06639e16b3cd2d9954c574d438049677f7d2203365d2207547b129270744e39a

  • SSDEEP

    12288:Bb4bZudi79LWb5IPH8ol5KIqaKJtKytr7tA:Bb4bcdkLs2Hn0ImKytr7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Users\Admin\AppData\Local\Temp\8ECE.tmp
      "C:\Users\Admin\AppData\Local\Temp\8ECE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.b89a7a5080078f28a4cfc738e5a9d200.exe 9AB042005B003AF543F5575211FAB3FAB2EA30E47A92D3AAB359E6349C503C36E47344ADDA2BD4B7CEBF768CA66F12E3D762D76A2ABCDACC8A839792CD85F542
      2⤵
      • Executes dropped EXE
      PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8ECE.tmp
    Filesize

    465KB

    MD5

    be46e17308d93f98a5814c143629ed92

    SHA1

    177a2acb9538aba20d49eb8640fe367674745589

    SHA256

    0b88ac1f7f6afd7a03fe123842bb5aeafedd2c5704e7d8a2084186ad4d796a7c

    SHA512

    dea379ed77e4c195a56f647a7c2c2864fed1215467eccc25dcef0e640fddd26c5eff886d04bd1061a2128c73f69a8f45b17f8594a35686e883ec19df42618985

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8ECE.tmp
    Filesize

    465KB

    MD5

    be46e17308d93f98a5814c143629ed92

    SHA1

    177a2acb9538aba20d49eb8640fe367674745589

    SHA256

    0b88ac1f7f6afd7a03fe123842bb5aeafedd2c5704e7d8a2084186ad4d796a7c

    SHA512

    dea379ed77e4c195a56f647a7c2c2864fed1215467eccc25dcef0e640fddd26c5eff886d04bd1061a2128c73f69a8f45b17f8594a35686e883ec19df42618985

    Download Submit