6aaa0c6f18455d66b013bbea21afb9d4c9248628de1cea32b58bac799162339d

Analysis

max time kernel
118s
max time network
154s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe
Size

79KB
MD5

bdbb3b88009ffac1043d62c5591e84e0
SHA1

340e8f868e77d2c55ad92aee6b617a33f49f0ec9
SHA256

6aaa0c6f18455d66b013bbea21afb9d4c9248628de1cea32b58bac799162339d
SHA512

e35609548f37234ffb6634d25044493e9657f481982a53c9a138403f2f8c754d51e4a54b652fab4d424b59b1f5122baee91ca1332955cd4284061f4f402f96f0
SSDEEP

1536:zvJBVIbTO1lOQA8AkqUhMb2nuy5wgIP0CSJ+5ySB8GMGlZ5G:zvJLn8GdqU7uy5w9WMySN5G

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2624	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2868	cmd.exe
2868	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2868	2788	NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe	29
PID 2788 wrote to memory of 2868	2788	NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe	29
PID 2788 wrote to memory of 2868	2788	NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe	29
PID 2788 wrote to memory of 2868	2788	NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe	29
PID 2868 wrote to memory of 2624	2868	cmd.exe	30
PID 2868 wrote to memory of 2624	2868	cmd.exe	30
PID 2868 wrote to memory of 2624	2868	cmd.exe	30
PID 2868 wrote to memory of 2624	2868	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bdbb3b88009ffac1043d62c5591e84e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78f51fea7ec2532b7986aedc4a83c330

SHA1
40a765aa2f2ad74d829527fbde94bd25d8f003a5

SHA256
e8156efaa1a1e2b9f835a5da6a943bb8e6bd78284c573ee7d19ea1bd608899f5

SHA512
29182b00218eb1e2331373925241a1459faa4476759bb0495a2770820c17b0728eab1a8deb50d202043a78693b60cf445814bc8b4888be2116da28d2a5757dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78f51fea7ec2532b7986aedc4a83c330

SHA1
40a765aa2f2ad74d829527fbde94bd25d8f003a5

SHA256
e8156efaa1a1e2b9f835a5da6a943bb8e6bd78284c573ee7d19ea1bd608899f5

SHA512
29182b00218eb1e2331373925241a1459faa4476759bb0495a2770820c17b0728eab1a8deb50d202043a78693b60cf445814bc8b4888be2116da28d2a5757dec

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78f51fea7ec2532b7986aedc4a83c330

SHA1
40a765aa2f2ad74d829527fbde94bd25d8f003a5

SHA256
e8156efaa1a1e2b9f835a5da6a943bb8e6bd78284c573ee7d19ea1bd608899f5

SHA512
29182b00218eb1e2331373925241a1459faa4476759bb0495a2770820c17b0728eab1a8deb50d202043a78693b60cf445814bc8b4888be2116da28d2a5757dec

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78f51fea7ec2532b7986aedc4a83c330

SHA1
40a765aa2f2ad74d829527fbde94bd25d8f003a5

SHA256
e8156efaa1a1e2b9f835a5da6a943bb8e6bd78284c573ee7d19ea1bd608899f5

SHA512
29182b00218eb1e2331373925241a1459faa4476759bb0495a2770820c17b0728eab1a8deb50d202043a78693b60cf445814bc8b4888be2116da28d2a5757dec

Download Submit
memory/2624-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2788-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2788-9-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads