780d92a2b74f117199c26859df56e2478931e3228cf5f0bda244254e876808ab

Analysis

max time kernel
189s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.5b222d972515e48fd6a07a7749a9a200.exe
Size

45KB
MD5

5b222d972515e48fd6a07a7749a9a200
SHA1

84aebaa17d35cca1e97bd4efab895ad264a9545e
SHA256

780d92a2b74f117199c26859df56e2478931e3228cf5f0bda244254e876808ab
SHA512

1c8b74259f203ed0f3508f15cde1f2a1f1dc8c29c289d0b1e81762a45859f861156881d338c9b180f0a54a97409cc8934c362df486107ecc8e63bf9dba65bebe
SSDEEP

384:2QWRRQBH61HkIGzIuy3uJqCG7bS4GTf05EYi7f8i7ppC:2hRma1KziWRMPi7TppC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2524	updGA.exe

Loads dropped DLL 2 IoCs

pid	Process
2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe
2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2524	2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe	29
PID 2644 wrote to memory of 2524	2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe	29
PID 2644 wrote to memory of 2524	2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe	29
PID 2644 wrote to memory of 2524	2644	NEAS.5b222d972515e48fd6a07a7749a9a200.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\updGA.exe
  "C:\Users\Admin\AppData\Local\Temp\updGA.exe"
  2⤵
  - Executes dropped EXE
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\updGA.exe

Filesize
45KB

MD5
228cb1c4e6e814b3fa48f4993f1021ae

SHA1
f291a6f38744dadbd56516f415d3ee8dfa99b523

SHA256
5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

SHA512
aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\updGA.exe

Filesize
45KB

MD5
228cb1c4e6e814b3fa48f4993f1021ae

SHA1
f291a6f38744dadbd56516f415d3ee8dfa99b523

SHA256
5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

SHA512
aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\updGA.exe

Filesize
45KB

MD5
228cb1c4e6e814b3fa48f4993f1021ae

SHA1
f291a6f38744dadbd56516f415d3ee8dfa99b523

SHA256
5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

SHA512
aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6

Download Submit
\Users\Admin\AppData\Local\Temp\updGA.exe

Filesize
45KB

MD5
228cb1c4e6e814b3fa48f4993f1021ae

SHA1
f291a6f38744dadbd56516f415d3ee8dfa99b523

SHA256
5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

SHA512
aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6

Download Submit
\Users\Admin\AppData\Local\Temp\updGA.exe

Filesize
45KB

MD5
228cb1c4e6e814b3fa48f4993f1021ae

SHA1
f291a6f38744dadbd56516f415d3ee8dfa99b523

SHA256
5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

SHA512
aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6

Download Submit