Analysis

  • max time kernel
    153s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2023 18:38

General

  • Target
    NEAS.ce7fb015b335eb09e93f92072fbddd00.exe
  • Size
    642KB
  • MD5
    ce7fb015b335eb09e93f92072fbddd00
  • SHA1
    ac5d90b696aca887abf38dbf8d7afbdd54b346a2
  • SHA256
    3e66b29c1b585e494158d2b2f05bf345eea7fce4099eaddbffc77bff2439a782
  • SHA512
    5ef854af9a6c6adf0e5290e7af34120bc9a4a1161b940f83e6da1c57e20617707b04f044490f97d7521b64ae8cd0ea98ae075f4fa850b2d5f363b1c91993863e
  • SSDEEP
    6144:QSdZB00KAyEIgrN3h08zHgSKcYrIOXsqmWzJrdc6GJRQUWGUA9PRWLiFSbE56FO5:X0UNIg5h08gY2lWRPWhA9PRWg95

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.sho
      C:\Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.sho
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.sho
    Filesize
    457KB
    MD5
    446366ca32877e2290d0bd8f22e11809
    SHA1
    b620d296d53566d9a07c1cabc92c50d0f5c4f34a
    SHA256
    4b76c0ea832d58966f824cfedb9a3831b1c286b13cc22d56e29dad7966847184
    SHA512
    edbb4cd70b9c372f827136db217087451732f83a34af854ff031a659e9aee0fe849c0005a38d2bd19f438f8277147101a577fa900b89e2e1f804b369134255cf

  • C:\Windows\SysWOW64\Shohdi.hdi
    Filesize
    642KB
    MD5
    80c14775217d07e6d9336b303487f5b8
    SHA1
    60e3ac7ce3b76a537cb141ad3876bc6709613fba
    SHA256
    207c79400a8dd3f1f7395c1521bc0ba9d98c150336bcf4a044ee5760ff3eff8b
    SHA512
    80e62c41112bd5fab81ed6645ee2cf84921d55840baf4e8e4e0efb8f7eb3702f26ff34929bff57ad7c6a59a023a7057c5aa3e107c49ca8c69229a350d99e3b30

  • \Users\Admin\AppData\Local\Temp\NEAS.ce7fb015b335eb09e93f92072fbddd00.sho
    Filesize
    457KB
    MD5
    446366ca32877e2290d0bd8f22e11809
    SHA1
    b620d296d53566d9a07c1cabc92c50d0f5c4f34a
    SHA256
    4b76c0ea832d58966f824cfedb9a3831b1c286b13cc22d56e29dad7966847184
    SHA512
    edbb4cd70b9c372f827136db217087451732f83a34af854ff031a659e9aee0fe849c0005a38d2bd19f438f8277147101a577fa900b89e2e1f804b369134255cf