Analysis
-
max time kernel
146s -
max time network
169s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system -
submitted
20/10/2023, 17:32
Behavioral task
behavioral1
Sample
NEAS.47df846f2474f2d5f3740bab34809780.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.47df846f2474f2d5f3740bab34809780.exe
Resource
win10v2004-20230915-en
General
-
Target
NEAS.47df846f2474f2d5f3740bab34809780.exe
-
Size
503KB
-
MD5
47df846f2474f2d5f3740bab34809780
-
SHA1
61a374d20110e81c795b4e030eb68a4557f999e7
-
SHA256
28b32e9aca33e5a25b11cb6969e19a510ae61de995360757f44617e81b3e51ad
-
SHA512
6f1425bb910ca7f5e14ee127eaa9092cb2578180ee2ec0c1a405220e0e1e943bf944bab04861207a03754fe07e2306b37edc071cc98cdb9213a0da0ca66936fe
-
SSDEEP
6144:HVlQoVHWO7MMJlfJIcSOPlgvmZgk/zDg5Ag2X80DMSFsv5mP84kYCs5uUTcPbLUp:1bV9MMJfLESiwPoWTc8ogV9MMJfL
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 4232 NEAS.47df846f2474f2d5f3740bab34809780.exe -
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule behavioral2/memory/4232-0-0x00000000007B0000-0x0000000000832000-memory.dmp agile_net -
Program crash 1 IoCs
pid pid_target Process procid_target 1524 4232 WerFault.exe 81 -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4232 NEAS.47df846f2474f2d5f3740bab34809780.exe 4232 NEAS.47df846f2474f2d5f3740bab34809780.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.47df846f2474f2d5f3740bab34809780.exe "C:\Users\Admin\AppData\Local\Temp\NEAS.47df846f2474f2d5f3740bab34809780.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4232 -
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 1096 2⤵
- Program crash
PID:1524
-
-
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4232 -ip 4232 1⤵ PID:3336
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
128KB
MD5 ddb59f5d58f9ef6ca1baae89fa7dc8c6
SHA1 eb761e6e5925c8f0c97248338fa4e4ff863d35d5
SHA256 2318fe71778c615fc54f58c0347c58ce2a0c2d6e2eed50bffddde7ccb24e924d
SHA512 662a345535f12acd240a206906f40a7e09b95dc5c79eafcd99ef1e9c398360791d38e0522724c594c572256af06070349875637d8a7c939a041103c327b4c33e