5db43280439e9063fc2d93413f5025fda76a357082a252ca1b2c05d9f3858b64

Analysis

max time kernel
226s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
Size

171KB
MD5

bd12ec1f0a8fab74de676756b8c483f0
SHA1

8e02536dc2dc97012f69c0657bf3724588fcda28
SHA256

5db43280439e9063fc2d93413f5025fda76a357082a252ca1b2c05d9f3858b64
SHA512

aefdaca0549d627226a0431e8acd3fca919de3897544e8de2175c67bb8f261bd928923a17e3dc1a70fcff4db805ae49c21f8722cc44562bdd5d961a55c8dd8af
SSDEEP

3072:vYrY3cPD/CZauz8bDbOs7hj/0mxaXvsmtb7pjTBtfywec1LecTmYD:wrY3cgz8bDR7J/0mxaXvsmtb7pjTBtfM

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2648	NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bd12ec1f0a8fab74de676756b8c483f0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x00000000011B0000-0x00000000011DF000-memory.dmp

Filesize
188KB

Download
memory/2648-1-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2648-2-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/2648-3-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/2648-4-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2648-5-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/2648-6-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download