8c6f9fb511d1c4acc8798c57d96c2ce545ab73dde9ded5b39477d99f95c760ff

Analysis

max time kernel
33s
max time network
38s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b7fde440893243168bf03f334ea88a80.exe
Size

61KB
MD5

b7fde440893243168bf03f334ea88a80
SHA1

0cd0abfc2ae320adc9d8047eb6cd14314af52a8f
SHA256

8c6f9fb511d1c4acc8798c57d96c2ce545ab73dde9ded5b39477d99f95c760ff
SHA512

98e428e17042427f8b54f1ff375d62e70e7e32c836455a0ceaa32ac5cd715ed8d30bce1327a1d8a6b66b3eee9e163369c4ac9ee7178a7d6d8a7b2a7c25158458
SSDEEP

1536:P+ZBskRHLMwIrHXu/4Ctd3FAhAYIi7Olba:zkRHSHXu/JXFt7iylba

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2552	dfv88vv2s.exe

Loads dropped DLL 2 IoCs

pid	Process
2080	NEAS.b7fde440893243168bf03f334ea88a80.exe
2080	NEAS.b7fde440893243168bf03f334ea88a80.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Windows\CurrentVersion\Run\voqph6 = "C:\\Users\\Admin\\AppData\\Roaming\\dfv88vv2s.exe"	NEAS.b7fde440893243168bf03f334ea88a80.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2552	2080	NEAS.b7fde440893243168bf03f334ea88a80.exe	28
PID 2080 wrote to memory of 2552	2080	NEAS.b7fde440893243168bf03f334ea88a80.exe	28
PID 2080 wrote to memory of 2552	2080	NEAS.b7fde440893243168bf03f334ea88a80.exe	28
PID 2080 wrote to memory of 2552	2080	NEAS.b7fde440893243168bf03f334ea88a80.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.b7fde440893243168bf03f334ea88a80.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7fde440893243168bf03f334ea88a80.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe
  C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe
  2⤵
  - Executes dropped EXE
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe

Filesize
61KB

MD5
f1d68eb9206b45c3ed6c21a25c018124

SHA1
56ee277c9087ad954946b1ceffc997f45fb9a35d

SHA256
adc949af47d14b17f6f1d5384b47975cc9fa7cb9ce42d8bc069e76c12ef4e86d

SHA512
d3f5e280fc66a8703dc07319a79994092d3e6edb1aa94bb6c08b13d5fa01a6bd83d3185abeedd9776aba2364a50bb8a7d106a091538540f5ca4b35a2779abebb

Download Submit
C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe

Filesize
61KB

MD5
f1d68eb9206b45c3ed6c21a25c018124

SHA1
56ee277c9087ad954946b1ceffc997f45fb9a35d

SHA256
adc949af47d14b17f6f1d5384b47975cc9fa7cb9ce42d8bc069e76c12ef4e86d

SHA512
d3f5e280fc66a8703dc07319a79994092d3e6edb1aa94bb6c08b13d5fa01a6bd83d3185abeedd9776aba2364a50bb8a7d106a091538540f5ca4b35a2779abebb

Download Submit
C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe

Filesize
61KB

MD5
f1d68eb9206b45c3ed6c21a25c018124

SHA1
56ee277c9087ad954946b1ceffc997f45fb9a35d

SHA256
adc949af47d14b17f6f1d5384b47975cc9fa7cb9ce42d8bc069e76c12ef4e86d

SHA512
d3f5e280fc66a8703dc07319a79994092d3e6edb1aa94bb6c08b13d5fa01a6bd83d3185abeedd9776aba2364a50bb8a7d106a091538540f5ca4b35a2779abebb

Download Submit
\Users\Admin\AppData\Roaming\dfv88vv2s.exe

Filesize
61KB

MD5
f1d68eb9206b45c3ed6c21a25c018124

SHA1
56ee277c9087ad954946b1ceffc997f45fb9a35d

SHA256
adc949af47d14b17f6f1d5384b47975cc9fa7cb9ce42d8bc069e76c12ef4e86d

SHA512
d3f5e280fc66a8703dc07319a79994092d3e6edb1aa94bb6c08b13d5fa01a6bd83d3185abeedd9776aba2364a50bb8a7d106a091538540f5ca4b35a2779abebb

Download Submit
\Users\Admin\AppData\Roaming\dfv88vv2s.exe

Filesize
61KB

MD5
f1d68eb9206b45c3ed6c21a25c018124

SHA1
56ee277c9087ad954946b1ceffc997f45fb9a35d

SHA256
adc949af47d14b17f6f1d5384b47975cc9fa7cb9ce42d8bc069e76c12ef4e86d

SHA512
d3f5e280fc66a8703dc07319a79994092d3e6edb1aa94bb6c08b13d5fa01a6bd83d3185abeedd9776aba2364a50bb8a7d106a091538540f5ca4b35a2779abebb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads