Overview

overview

7

Static

static

3

NEAS.15b62...10.exe

windows7-x64

7

NEAS.15b62...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2023, 21:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.15b62a3a32d002d3faafb488dec1f410.exe

  • Size

    600KB

  • MD5

    15b62a3a32d002d3faafb488dec1f410

  • SHA1

    2266a4a79e446e8c5d9f4b7c7ed02b3abe44a5ff

  • SHA256

    06bb1c5e4c87467483aa4cff7caad8046eae27e9461fe8ec87b37f9e6fc8fb55

  • SHA512

    7412e9380749dd80b4dd38636e378a120ee664a88c06291c3ab5be45b9fd24b549ebdc12984751268472cb8914dd40d3a1ce4f4291c59b61fd2e3666e8b0b9d0

  • SSDEEP

    12288:+FeramCErWTRW8fdeA6YFlIX5lm8W6v5VLOR0i:OeraNEiTRW8fdeEOX5RvDA0i

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.15b62a3a32d002d3faafb488dec1f410.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.15b62a3a32d002d3faafb488dec1f410.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\3C84.tmp
      C:\Users\Admin\AppData\Local\Temp\3C84.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:1780

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9df9e7b980bd390203f55d28ec8f9950

          SHA1

          2496bcad619e5c839a7b9cafb185ee4954d9a698

          SHA256

          0e55a28f73ee2b99f08462de03c23385101b7660ac072ab3533276ca85662e54

          SHA512

          2ad6521d55a1f9dac05d2e75c76004ec05ec57bd568e931e620a226ce7bdde7ed6849c6537df2e770f124df6603ebf8703ade18bf3cebca12b50cb346497154d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3C84.tmp
          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3C84.tmp
          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3C84.tmp
          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab4398.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar43E9.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
          Filesize

          125B

          MD5

          5ab328ad8bbb152faf682da8d6f09fea

          SHA1

          f2a08728426b4d8a19294747cde6f680293b0211

          SHA256

          e50ba417b3c1b1ca8bec6bb81d2dfc24bf20ec580301592b796cb87a8c1603ec

          SHA512

          cbcd2c7a2290f78febe6c83f7fb5c35828d09c65f825ebeab30eb10e58bc9fd7b876c737fe9c9362e9708649c45f1040e1024f5405a85cd36eabf04eeefcf3fc

          Download Submit

        • \Users\Admin\AppData\Local\Temp\3C84.tmp
          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

          Download Submit

        • \Users\Admin\AppData\Local\Temp\3C84.tmp
          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

          Download Submit

        • memory/1736-0-0x0000000000240000-0x0000000000282000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1736-15-0x0000000000400000-0x000000000049A000-memory.dmp

          Filesize

          616KB

          Download

        • memory/1736-240-0x0000000000400000-0x000000000049A000-memory.dmp

          Filesize

          616KB

          Download

        • memory/1736-1-0x0000000000240000-0x0000000000282000-memory.dmp

          Filesize

          264KB

          Download