723ab68785d170851dcdbf9c8f7c402031ea96f75d382b493e288c0c16971b83

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
Size

967KB
MD5

4e781ae69ae7c9c8b3bf445eb97032f0
SHA1

87916fb0bcb62591782eb14056a2c459538314e3
SHA256

723ab68785d170851dcdbf9c8f7c402031ea96f75d382b493e288c0c16971b83
SHA512

82947d55a85425dcb121f966e034387206e9ee95fa2fc2d8c8cd3a88e9187da6c63fa6d0a5e38f1357c29f6d7fee26fb0ec2773e033c7f28b1b2476f8ded2761
SSDEEP

24576:CAHnh+eWsN3skA4RV1Hom2KXMmHaAasbwhgl5I:Fh+ZkldoPK8YaAzI

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemPropertiesPerformance.url	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 840	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	28
PID 1596 wrote to memory of 840	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	28
PID 1596 wrote to memory of 840	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	28
PID 1596 wrote to memory of 840	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	28
PID 1596 wrote to memory of 1740	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	29
PID 1596 wrote to memory of 1740	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	29
PID 1596 wrote to memory of 1740	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	29
PID 1596 wrote to memory of 1740	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	29
PID 1596 wrote to memory of 2244	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	30
PID 1596 wrote to memory of 2244	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	30
PID 1596 wrote to memory of 2244	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	30
PID 1596 wrote to memory of 2244	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	30
PID 1596 wrote to memory of 1440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	31
PID 1596 wrote to memory of 1440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	31
PID 1596 wrote to memory of 1440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	31
PID 1596 wrote to memory of 1440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	31
PID 1596 wrote to memory of 2200	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	32
PID 1596 wrote to memory of 2200	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	32
PID 1596 wrote to memory of 2200	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	32
PID 1596 wrote to memory of 2200	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	32
PID 1596 wrote to memory of 2440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	33
PID 1596 wrote to memory of 2440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	33
PID 1596 wrote to memory of 2440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	33
PID 1596 wrote to memory of 2440	1596	NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
1⤵
- Drops startup file
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:840
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:2200
- C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4e781ae69ae7c9c8b3bf445eb97032f0.exe"
  2⤵
  PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1596-0-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads