e756c1b0bfdb4acb22d4dfe6e50a47b08d83b5e62d18b4b35ae45216912282b0

Analysis

max time kernel
160s
max time network
184s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.71c022b5d39cbb9c257c8b94589651c0.exe
Size

93KB
MD5

71c022b5d39cbb9c257c8b94589651c0
SHA1

53093fe1b1b50eaebca6ebe61e99c164b6f0dd78
SHA256

e756c1b0bfdb4acb22d4dfe6e50a47b08d83b5e62d18b4b35ae45216912282b0
SHA512

9b851bf62ba05a63be9bce91d8ac7194038d1a913f4194871f8a501518f865a0efb5bb5a6bfed81ccc5dca1d5aeb2ccb8b2b9b2754071db20577185ce388d4bf
SSDEEP

1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRDj9i4RR5:zCsanOtEvwDpjM

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1244	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1364	NEAS.71c022b5d39cbb9c257c8b94589651c0.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1364-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b000000012021-11.dat	upx
behavioral1/memory/1244-17-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b000000012021-15.dat	upx
behavioral1/memory/1364-14-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b000000012021-25.dat	upx
behavioral1/memory/1244-26-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1244	1364	NEAS.71c022b5d39cbb9c257c8b94589651c0.exe	29
PID 1364 wrote to memory of 1244	1364	NEAS.71c022b5d39cbb9c257c8b94589651c0.exe	29
PID 1364 wrote to memory of 1244	1364	NEAS.71c022b5d39cbb9c257c8b94589651c0.exe	29
PID 1364 wrote to memory of 1244	1364	NEAS.71c022b5d39cbb9c257c8b94589651c0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.71c022b5d39cbb9c257c8b94589651c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.71c022b5d39cbb9c257c8b94589651c0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
93KB

MD5
51f7a10220e970bf01bc8e155481248a

SHA1
bd73d4a903d13707cd9e99781337c4c3b6c37341

SHA256
caa10c4f42c5d4802a48c74875bade91991ddb64ab27b0ec252add9b5141f9ce

SHA512
78c5ecd489f888a3c682d0a1e3158a2be8c234a636f76a8ce4fe77b89f737b1a2d7282e84fd84fa9e9ad09c0fdf08e318fd4beb4e68ec23b1206ec6036a9b109

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
93KB

MD5
51f7a10220e970bf01bc8e155481248a

SHA1
bd73d4a903d13707cd9e99781337c4c3b6c37341

SHA256
caa10c4f42c5d4802a48c74875bade91991ddb64ab27b0ec252add9b5141f9ce

SHA512
78c5ecd489f888a3c682d0a1e3158a2be8c234a636f76a8ce4fe77b89f737b1a2d7282e84fd84fa9e9ad09c0fdf08e318fd4beb4e68ec23b1206ec6036a9b109

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
93KB

MD5
51f7a10220e970bf01bc8e155481248a

SHA1
bd73d4a903d13707cd9e99781337c4c3b6c37341

SHA256
caa10c4f42c5d4802a48c74875bade91991ddb64ab27b0ec252add9b5141f9ce

SHA512
78c5ecd489f888a3c682d0a1e3158a2be8c234a636f76a8ce4fe77b89f737b1a2d7282e84fd84fa9e9ad09c0fdf08e318fd4beb4e68ec23b1206ec6036a9b109

Download Submit
memory/1244-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1244-19-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1244-18-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1244-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1364-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1364-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1364-2-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/1364-4-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1364-14-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download