Overview

overview

7

Static

static

3

NEAS.b0b86...d0.exe

windows7-x64

7

NEAS.b0b86...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 18:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe

  • Size

    234KB

  • MD5

    b0b860d88fbfb3acdc6c1c82eb8309d0

  • SHA1

    6d6669c1760fca98fc612bb9dff92f4303c377a5

  • SHA256

    04756c78d29cb44b2fa8066edc8c7951f410181af6293834d5e08ece54cab274

  • SHA512

    6488de1424a28c29fa6e66d702f0ae84babf4de34127ba7c3d6d0788d2de17c6edc14d93791d24bda112cb25768d9e5bb362d40d095930fb14221138e083f63e

  • SSDEEP

    6144:6VI7uAXi/UqFXBQk1PqbYRMqTl+F2gX975jUEeseUTUXdeeltmWe:BuAXitH1PeYRMqh+F2gX9JeseEUAgs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\Temp\NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2736

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\NEAS.b0b860d88fbfb3acdc6c1c82eb8309d0.exe
          Filesize

          234KB

          MD5

          f0978163750a1fa3b843b744f5ef7ea5

          SHA1

          63ab70a2e7a614c1272f4b8233efcadce928ef6c

          SHA256

          0e49b20ebb6674356d321c6a5b1be7717a813a01512a9734707fc8948997705d

          SHA512

          ee3116dd22486298519abf8876a060583e5224010a703bea012be076495251bebf1fe9c9884bbea80dc86d50fe6c12be8bd05999165bf4fbbd78ad9121ab47b8

          Download Submit

        • memory/2736-13-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/2736-14-0x00000000001C0000-0x00000000001FB000-memory.dmp

          Filesize

          236KB

          Download

        • memory/2736-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2736-21-0x0000000001500000-0x000000000151B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2736-26-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/4976-0-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/4976-1-0x00000000000F0000-0x000000000012B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/4976-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4976-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download