b3afd53b5dac296db540456da9de169aa45d018d0db897d669463e2789720c0e

Analysis

max time kernel
42s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f778310e642462d944338865d83f5620.exe
Size

68KB
MD5

f778310e642462d944338865d83f5620
SHA1

aecdb95795f3f85ac9c90860c55c397338af5eda
SHA256

b3afd53b5dac296db540456da9de169aa45d018d0db897d669463e2789720c0e
SHA512

cc2c6f640dec01c226affcc8beca01a62390fcfb2009fdf8ef2bef316bfb12e7266c9186ceb6201f193fd8618e947b8a7a07816fb29f1efff70afa54c17d63c5
SSDEEP

1536:jfBoWdHaDL1UOUc01anifKUYJFqLa49qQ:jCWdHaDhocDGKU4t49qQ

Score

1^/10

Malware Config

Signatures

Runs .reg file with regedit 2 IoCs

pid	Process
4080	regedit.exe
4920	regedit.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2404	2248	NEAS.f778310e642462d944338865d83f5620.exe	89
PID 2248 wrote to memory of 2404	2248	NEAS.f778310e642462d944338865d83f5620.exe	89
PID 2248 wrote to memory of 2404	2248	NEAS.f778310e642462d944338865d83f5620.exe	89
PID 2404 wrote to memory of 4080	2404	cmd.exe	91
PID 2404 wrote to memory of 4080	2404	cmd.exe	91
PID 2404 wrote to memory of 4080	2404	cmd.exe	91
PID 2404 wrote to memory of 4920	2404	cmd.exe	93
PID 2404 wrote to memory of 4920	2404	cmd.exe	93
PID 2404 wrote to memory of 4920	2404	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\NEAS.f778310e642462d944338865d83f5620.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f778310e642462d944338865d83f5620.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt14585.bat "C:\Users\Admin\AppData\Local\Temp\NEAS.f778310e642462d944338865d83f5620.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Windows\SysWOW64\regedit.exe
    REGEDIT /S "C:\Users\Admin\AppData\Local\Temp.\DefOpen.reg"
    3⤵
    - Runs .reg file with regedit
    PID:4080
- - C:\Windows\SysWOW64\regedit.exe
    REGEDIT /S "C:\Users\Admin\AppData\Local\Temp.\DefOpen.reg"
    3⤵
    - Runs .reg file with regedit
    PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DefOpen.reg

Filesize
2KB

MD5
8de823ad7b15de6226a41e7f9d086a3f

SHA1
53f07b268f52763a37d2d691f6b97940d994242e

SHA256
357869beb1a2abeb38e7bd0c81fa1568a7f9e4edef0f7f8d78718a9125b61786

SHA512
a15c6ce254da1d51e07f11237633a62ae2c12dd19f6f08e3a821533f17c7cc4a0b898f376581912575f71a8d9d88d93d24f0e34093698c408de92c956856c4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\DefOpen.reg

Filesize
706B

MD5
a9a552291b7620dd2eea40ee82c27afe

SHA1
19d34e8f828d69a8b0c092ff6f1864f8e3b1f837

SHA256
a7840e62381325ced2066410d4faea3cb548c3a8f1034a4ab7473f03561d693e

SHA512
e4d4ae3adadc6f840b52f3a64a966af3c4f4f09e23a0d5b733ae468d9bccbdf248b0278628c6054d322d04bdd7366faca1f261fa497bfbbb37f5978565927fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\DefOpen.reg

Filesize
682B

MD5
c662a7b9369aa91da7d63182b3c10580

SHA1
a24bfd2a9cc42eb84f466c70d152c57710b3a4c7

SHA256
f12105f39436cf02de79e3b87419a6a10c8915a153eabf97fad376f9593184ec

SHA512
cc424ea2404fe7bda35141fc79e4c143228af0c0dfbc8f1a7981c3e9320e9d172112e60bcd2a97f5a04f64c721974c04eb1355aeb0bd5b0f2570b00d0326d7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DefOpen.reg

Filesize
86B

MD5
1e703dd91fb10ee673cb6ada1b08dfe1

SHA1
a726be2a3a09f00174dc191f1ed88c82a01d3d52

SHA256
04d0e541986c6d663c4fee8b93734e6731f2f3d44826f34bad37d38b32a9e92c

SHA512
f6f5e6889784810a03d802671597df978b299dea0c1a1e6ae55a0caa39ddc7b6f5774a6df3123cd33b5823cb39f4ab47dc32186d1b2cbd7f4bec66fa42854ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bt14585.bat

Filesize
6KB

MD5
520b3ce8aab69a627bd4b98b33620881

SHA1
30c841bcc2158f0b9f264a9174891e2da9912c03

SHA256
3cbf51b12bfd92d34f90dff5548779093737dd172ad006e89e0a367b4ef5ae4b

SHA512
2f62d38e276a78091664f2001f243da2b41f957c645f9b0fa2fb3ed80ea7de090a02f4a1c4c2aeded5359b4f1ef5c096a65123e0b3ae8b170645737a400de57e

Download Submit
memory/2248-131-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads