d79fd2498bcb5e6b897fa25127bee118ea8cf3e76bc5d5810a00dec7e99c3042

Analysis

max time kernel
148s
max time network
158s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe
Size

238KB
MD5

ba761f47647aa1cf3e78086ee0ecdf10
SHA1

067607b13a356211f87719513b72b1ce11a89b53
SHA256

d79fd2498bcb5e6b897fa25127bee118ea8cf3e76bc5d5810a00dec7e99c3042
SHA512

99a675d95bf70bf2a037e91eb8107b344018a053482e963cb9ef7e4ed334e617e32165e792d2ed31a41674780412775a927bd5c8ff066b2e67dbe1ee7c70d253
SSDEEP

3072:wmh7T6xGiYQxcpDwK3XrT8r+Ee03T1Z3lFgXvNbOz6N2YvQd2a:wm1t1GK3X/8rt/1VgXVbu6na

Score

7^/10

miner

Malware Config

Signatures

Cryptocurrency Miner
Makes network request to known mining pool URL.
miner

Executes dropped EXE 1 IoCs

pid	Process
1228	ActivateDesktop.exe

Loads dropped DLL 2 IoCs

pid	Process
2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe
2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe
1228	ActivateDesktop.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1228	2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe	28
PID 2136 wrote to memory of 1228	2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe	28
PID 2136 wrote to memory of 1228	2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe	28
PID 2136 wrote to memory of 1228	2136	NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136
- C:\.Trash-100\ActivateDesktop.exe
  C:\.Trash-100\ActivateDesktop.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
60b0bd61ab2e969cee3eb383f7f3d8d5

SHA1
95e0564b4a4ff95753f27c7b45389b9d3406e197

SHA256
d1ab977994f7954792d35bbc138c3dc466f7e06e0c66d93d11278b1ffcbbbb03

SHA512
ed7e25236a107a4de6b5f728656c16fd285ca23e18b36ef581b5646c63d74f67d55f6b8c54ff4c0db9f7626d8b58fa7a99c952aeb54b327efd069a28836bc19d

Download Submit
C:\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
60b0bd61ab2e969cee3eb383f7f3d8d5

SHA1
95e0564b4a4ff95753f27c7b45389b9d3406e197

SHA256
d1ab977994f7954792d35bbc138c3dc466f7e06e0c66d93d11278b1ffcbbbb03

SHA512
ed7e25236a107a4de6b5f728656c16fd285ca23e18b36ef581b5646c63d74f67d55f6b8c54ff4c0db9f7626d8b58fa7a99c952aeb54b327efd069a28836bc19d

Download Submit
C:\.Trash-100\db\framework_exe

Filesize
19B

MD5
665009c6d258a06e710ff8c7810f4697

SHA1
abf7abc9bae75e5323a12b1d58336dfe0fd58e22

SHA256
98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

SHA512
a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

Download Submit
\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
60b0bd61ab2e969cee3eb383f7f3d8d5

SHA1
95e0564b4a4ff95753f27c7b45389b9d3406e197

SHA256
d1ab977994f7954792d35bbc138c3dc466f7e06e0c66d93d11278b1ffcbbbb03

SHA512
ed7e25236a107a4de6b5f728656c16fd285ca23e18b36ef581b5646c63d74f67d55f6b8c54ff4c0db9f7626d8b58fa7a99c952aeb54b327efd069a28836bc19d

Download Submit
\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
60b0bd61ab2e969cee3eb383f7f3d8d5

SHA1
95e0564b4a4ff95753f27c7b45389b9d3406e197

SHA256
d1ab977994f7954792d35bbc138c3dc466f7e06e0c66d93d11278b1ffcbbbb03

SHA512
ed7e25236a107a4de6b5f728656c16fd285ca23e18b36ef581b5646c63d74f67d55f6b8c54ff4c0db9f7626d8b58fa7a99c952aeb54b327efd069a28836bc19d

Download Submit