63a4d27c2d2ad2d48beca69b7f8856c706fb63f89fa5a41976d1df90d3e6d4f9

Analysis

max time kernel
151s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
Size

197KB
MD5

ebb588c34beee6d0f0fd609658bb1b10
SHA1

81c9053dc74eba6ba2dedcc2a7c267712d3bcc35
SHA256

63a4d27c2d2ad2d48beca69b7f8856c706fb63f89fa5a41976d1df90d3e6d4f9
SHA512

461aaaa7dae022c68a4e1a0db17d03aff0880a743c69f736983c38555416cab5107467537a2fb267f32e516f4858c3d4360a5eafde0535575c85d12895344964
SSDEEP

6144:7JMdgnCpGmcPVmKtvCijdy5su1KqQvoSY:NVCpcNmKtdBgtOvoSY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5060-0-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-1-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-2-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-3-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-4-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-5-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-6-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-7-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-8-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-9-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-10-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-11-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-12-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-13-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-14-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/5060-15-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
5060	NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ebb588c34beee6d0f0fd609658bb1b10.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5060-0-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-1-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-2-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-3-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-4-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-5-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-6-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-7-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-8-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-9-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-10-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-11-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-12-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-13-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-14-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-15-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download