Analysis

  • max time kernel
    61s
  • max time network
    58s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-10-2023 21:30

General

  • Target

    NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe

  • Size

    61KB

  • MD5

    bcc09d62005ce6c95f3ea8b75d8e6800

  • SHA1

    29c5d51367b51d6d3c43a3314fcee38dee4c8a7d

  • SHA256

    d5db5e6a0bf23fd2041f9e6a0c9d1395b241c55e2cb790e8ecf95ab298fafece

  • SHA512

    356cbef170423b13b76ea66917b0bf4bc89eac27f6a53e8a44d6822c006233bf53e7a2b7267a376b3299379956d1750d917aba0b3462bcccb3f95b052c7272ea

  • SSDEEP

    768:vYnI9ZvPg2k4u+hJDdv260OAhAH4Ii7u9bp6uqcl2aauA:vwIrHuCtd3FAhAYIi78xlba

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe
      C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe
      2⤵
      • Executes dropped EXE
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\dfv88vv2s.exe

    Filesize

    61KB

    MD5

    7c0b3e6a4feff14da44af35ef5eccf29

    SHA1

    a0f5bf47fb2a8cdc93c1424e797b80970a3d7692

    SHA256

    5ae65e0a6a7f2e168bfdbb7f03e9aace312467b9ba0d5179bfdee3e3af80357e

    SHA512

    351379a241b30ef0e6652e1562e64ff442da87dd71aca686a918de62a701b8984640175313619c91fc5a10644b936a78bf54cf2cf3abfa740945145aee07aa32
