Malware Analysis Report

2025-05-05 22:18

Sample ID 231016-xa4v8aca61
Target NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe
SHA256 aa8236bb683502bfe7e061ea42e0b252174895596324fef42392c4dc86d68a1e
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

aa8236bb683502bfe7e061ea42e0b252174895596324fef42392c4dc86d68a1e

Threat Level: Shows suspicious behavior

The file NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-16 18:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-16 18:39

Reported

2023-10-17 04:25

Platform

win7-20230831-en

Max time kernel

120s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2456 -s 864

Network

N/A

Files

memory/2456-0-0x0000000001350000-0x0000000001A74000-memory.dmp

memory/2456-1-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

memory/2456-2-0x000000001B440000-0x000000001B4C0000-memory.dmp

memory/2456-3-0x000000001CBB0000-0x000000001CDFE000-memory.dmp

memory/2456-4-0x00000000012E0000-0x000000000132E000-memory.dmp

memory/2456-5-0x000000001CE00000-0x000000001CF4A000-memory.dmp

memory/2456-6-0x000000001CF50000-0x000000001D066000-memory.dmp

memory/2456-7-0x0000000000190000-0x00000000001C0000-memory.dmp

memory/2456-8-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-16 18:39

Reported

2023-10-17 04:25

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.d723b4ca982a1f9bb574bc26d8aad480.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 112.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp

Files

memory/3772-0-0x00000222864A0000-0x0000022286BC4000-memory.dmp

memory/3772-1-0x00007FFAE9000000-0x00007FFAE9AC1000-memory.dmp

memory/3772-2-0x00000222A10B0000-0x00000222A10C0000-memory.dmp

memory/3772-3-0x00000222A12D0000-0x00000222A151E000-memory.dmp

memory/3772-4-0x00000222A1250000-0x00000222A129E000-memory.dmp

memory/3772-5-0x00000222A1520000-0x00000222A166A000-memory.dmp

memory/3772-6-0x00000222A1670000-0x00000222A1786000-memory.dmp

memory/3772-7-0x00000222887B0000-0x00000222887E0000-memory.dmp

memory/3772-8-0x00007FFAE9000000-0x00007FFAE9AC1000-memory.dmp