ea8c66e794178f6dfa4a726b6d3f38a5d24a765c159706c6afc4e3d74d602cdc

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.26d39627d44e2f9df44966db9e104e00.exe
Size

3.3MB
MD5

26d39627d44e2f9df44966db9e104e00
SHA1

6dc2c4a68008303108b5b9494c274d839d85b6e6
SHA256

ea8c66e794178f6dfa4a726b6d3f38a5d24a765c159706c6afc4e3d74d602cdc
SHA512

08811d8fb57f8cb140960944387a0f39aaf5daeb717fad2b10f8eebeee5846b223aaf3b3192269d5b378b1137664ffa2e0466d0494c14bbd624a03f800aebb5f
SSDEEP

98304:9foDKTEMZjsororxxkd+sJlncUJgpwaBX3g:9fGMxstqJXncw+rpQ

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 28 IoCs

pid	Process
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NEAS.26d39627d44e2f9df44966db9e104e00.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe
2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2892	2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe	30
PID 2336 wrote to memory of 2892	2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe	30
PID 2336 wrote to memory of 2892	2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe	30
PID 2336 wrote to memory of 2892	2336	NEAS.26d39627d44e2f9df44966db9e104e00.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.26d39627d44e2f9df44966db9e104e00.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.26d39627d44e2f9df44966db9e104e00.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\NEAS.26d39627d44e2f9df44966db9e104e00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.26d39627d44e2f9df44966db9e104e00.exe"
  2⤵
  PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\SE478B.tmp

Filesize
1024B

MD5
12871388b682b159ddd85545302a289d

SHA1
76b47377da188fcfddeefa0f940287f1cce9885d

SHA256
cc033f00e96cae1829e3a5c15150fe68a62f65440f1b158d9257370fbc488a9b

SHA512
d60953b62d08e52fa2860db257e2bdbaa97e7eff7007617857f7b30a76f7c7ba81f8444d313a6ad496adbbaede5af1661e72522046789bb9aee1340f7ac12c7d

Download Submit
memory/2336-0-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1-0x0000000002350000-0x00000000024D1000-memory.dmp

Filesize
1.5MB

Download
memory/2336-3-0x00000000750E0000-0x0000000075127000-memory.dmp

Filesize
284KB

Download
memory/2336-812-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-814-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-815-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-817-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-819-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-821-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-823-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-825-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-827-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-829-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-831-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-833-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-835-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-837-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-839-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-841-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-843-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-845-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-847-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-849-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-851-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-853-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-855-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-857-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-859-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-861-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-863-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-865-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-867-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-869-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-871-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-873-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-2550-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-2551-0x0000000002350000-0x00000000024D1000-memory.dmp

Filesize
1.5MB

Download
memory/2336-3222-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6254-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6256-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6261-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6258-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6264-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6266-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6268-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6271-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6273-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6275-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6277-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6279-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6281-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6283-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6285-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6290-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6291-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6293-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6295-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6297-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6299-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6301-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6303-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6306-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6308-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6310-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6312-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6314-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6316-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6318-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6320-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6322-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6324-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6326-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6328-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6330-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6332-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6334-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6336-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6338-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6340-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6342-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6344-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6346-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6348-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6350-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6352-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6354-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6358-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6356-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6360-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6362-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6364-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6366-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6368-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6370-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6372-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6374-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6376-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download
memory/2336-6378-0x0000000002210000-0x0000000002321000-memory.dmp

Filesize
1.1MB

Download