Overview

overview

8

Static

static

3

NEAS.701d4...d0.exe

windows7-x64

8

NEAS.701d4...d0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2023, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.701d49fb84f1a1c4776f93e6bb8583d0.exe

  • Size

    174KB

  • MD5

    701d49fb84f1a1c4776f93e6bb8583d0

  • SHA1

    ce1f1ada3e043fb69507bf56c672859d6172948a

  • SHA256

    c1f9e9c446bb7bbdf484e007b6389fe07f0ea80ba3d055293aba036852a8556b

  • SHA512

    3a631405dbba0f30d601421726cf020a63a35cdeb6ebafcf97e2cc612bc375cf486380b474d8bb03f0257dbe16abfc02d4df0c358a82043b39048167fd95aaad

  • SSDEEP

    3072:ULcBBW/A1jbGs2lD6IHdfdAXvnbWl0tlRJl7PCIa5L43C:EA1jys2lZHdObfhJlG4S

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.701d49fb84f1a1c4776f93e6bb8583d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.701d49fb84f1a1c4776f93e6bb8583d0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2076
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {FEDC1764-6429-453F-B8E8-BCD6B0050F35} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\PROGRA~3\Mozilla\aaacbzj.exe
      C:\PROGRA~3\Mozilla\aaacbzj.exe -uzlnuvg
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\aaacbzj.exe
    Filesize

    174KB

    MD5

    7abfaf2e33ef7a5b245b4ae7803af3b2

    SHA1

    eb199415d3e85feeefc9f75e89717515c9be350f

    SHA256

    9c6320ef335d60d22e037a76d15b2846d4851ae8c16d1831660309cec4e8d22e

    SHA512

    411e6e0586d1d52e2ca8bcb4aef965116b42cbc544c5612ccff0f46d8e775884e272d271bdb8ca49fdbb567be63f9e633d3e3b0c9b63514a1ce94c5f245fed08

    Download Submit

  • C:\PROGRA~3\Mozilla\aaacbzj.exe
    Filesize

    174KB

    MD5

    7abfaf2e33ef7a5b245b4ae7803af3b2

    SHA1

    eb199415d3e85feeefc9f75e89717515c9be350f

    SHA256

    9c6320ef335d60d22e037a76d15b2846d4851ae8c16d1831660309cec4e8d22e

    SHA512

    411e6e0586d1d52e2ca8bcb4aef965116b42cbc544c5612ccff0f46d8e775884e272d271bdb8ca49fdbb567be63f9e633d3e3b0c9b63514a1ce94c5f245fed08

    Download Submit

  • memory/2076-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2076-1-0x0000000000310000-0x000000000036B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2076-6-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2976-12-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2976-13-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download