Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
15-10-2023 19:40
General
-
Target
8b8a6e87a8043d8c2aeda68673d750c0_exe32.exe
-
Size
991KB
-
MD5
8b8a6e87a8043d8c2aeda68673d750c0
-
SHA1
2000f12d41fa846a0b0a515bd0c055673cfaf012
-
SHA256
03a3e5008edcc3c84f49b524f83e919b75224115bd6a4b5314d908527034a33d
-
SHA512
39d01fd01b8105ab304ade5279d7a621ac23dddb0df101a65afe7102c783a1c4af9464743f62786c29a6f0397cd354cfa4994f566793b576d7ed1fa51719c62e
-
SSDEEP
12288:z8ry763nxQ+dlzjsgl5Kg1R9wPm6iz6cuse0CSz4uuOBM66zXkx:4rxQ+d1ggl5Kg1R9wPm6Bcle0c7Xkx
Malware Config
Signatures
-
Detect Neshta payload 16 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b8a6e87a8043d8c2aeda68673d750c0_exe32.exe"C:\Users\Admin\AppData\Local\Temp\8b8a6e87a8043d8c2aeda68673d750c0_exe32.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\8b8a6e87a8043d8c2aeda68673d750c0_exe32.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\8b8a6e87a8043d8c2aeda68673d750c0_exe32.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.4MB
MD58ffc3bdf4a1903d9e28b99d1643fc9c7
SHA1919ba8594db0ae245a8abd80f9f3698826fc6fe5
SHA2568268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6
SHA5120b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427
-
Filesize
950KB
MD584270a25c2a2b0dfbd49ed2bc1840943
SHA11574f292fed42849ec15721635031e300c70cc31
SHA2566d5ce6425871c2d5da7240d291362fed9e56d46ed04d1bc0a10580ea8a69f1e6
SHA512fd07fc97aeea52a7894963c4f51c7d1e4563a7c72f4f5e0c86934de681e31f90c77de32bccabe14b0aad59a8ec0122a7d4235ec717b9ebd608cdb86782b94631
-
Filesize
950KB
MD584270a25c2a2b0dfbd49ed2bc1840943
SHA11574f292fed42849ec15721635031e300c70cc31
SHA2566d5ce6425871c2d5da7240d291362fed9e56d46ed04d1bc0a10580ea8a69f1e6
SHA512fd07fc97aeea52a7894963c4f51c7d1e4563a7c72f4f5e0c86934de681e31f90c77de32bccabe14b0aad59a8ec0122a7d4235ec717b9ebd608cdb86782b94631
-
Filesize
950KB
MD584270a25c2a2b0dfbd49ed2bc1840943
SHA11574f292fed42849ec15721635031e300c70cc31
SHA2566d5ce6425871c2d5da7240d291362fed9e56d46ed04d1bc0a10580ea8a69f1e6
SHA512fd07fc97aeea52a7894963c4f51c7d1e4563a7c72f4f5e0c86934de681e31f90c77de32bccabe14b0aad59a8ec0122a7d4235ec717b9ebd608cdb86782b94631
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
980KB