Overview

overview

8

Static

static

3

NEAS.162b1...20.exe

windows7-x64

8

NEAS.162b1...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    27s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2023, 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.162b156c8f1928f8f73ae2fb91c1e120.exe

  • Size

    148KB

  • MD5

    162b156c8f1928f8f73ae2fb91c1e120

  • SHA1

    aaa4de93dad135ae86a11b96b5af4d69dcdd51ee

  • SHA256

    bd71ad9035d5a1b0e1fde6badd164202e039cda52f1d874266966e52f0b01309

  • SHA512

    313500331e7b5269e33c06df3d886a15c70761d9527c429d683e220c6b94aa3c971f148142094d0788cf53f4fc114fc8e68b72dcecde20eeb6ac5cb41fc517ac

  • SSDEEP

    3072:dFugOVIc1+I8X9ySrCunXB/52jQgSJpJePVSnRi:dFZOngIedrNnXBQERJpJBg

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.162b156c8f1928f8f73ae2fb91c1e120.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.162b156c8f1928f8f73ae2fb91c1e120.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2276
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {98F59326-1162-436B-9EFC-0E3509D0C924} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\PROGRA~3\Mozilla\xvqykzi.exe
      C:\PROGRA~3\Mozilla\xvqykzi.exe -tkarfve
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\xvqykzi.exe
    Filesize

    148KB

    MD5

    dea23bf15f6476e3fff47ed0951c6e54

    SHA1

    7e627cfdac173e2dde2ad63e5ccf45de013b7816

    SHA256

    e1c4b036658defb5f5fe865ed992d3e8dfe9b79b73104308abcd7c4b2f71f7d7

    SHA512

    308e378716fceb7e3beff4c702c6d7fd2f279a987d55de4a1515fa53b5dbfa887d630f9386baab864accc6a1f2eedd41b2d4d2736df8053332840ea083aae33b

    Download Submit

  • C:\PROGRA~3\Mozilla\xvqykzi.exe
    Filesize

    148KB

    MD5

    dea23bf15f6476e3fff47ed0951c6e54

    SHA1

    7e627cfdac173e2dde2ad63e5ccf45de013b7816

    SHA256

    e1c4b036658defb5f5fe865ed992d3e8dfe9b79b73104308abcd7c4b2f71f7d7

    SHA512

    308e378716fceb7e3beff4c702c6d7fd2f279a987d55de4a1515fa53b5dbfa887d630f9386baab864accc6a1f2eedd41b2d4d2736df8053332840ea083aae33b

    Download Submit

  • memory/2276-0-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2276-1-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2276-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-10-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-11-0x0000000000390000-0x00000000003EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2680-17-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download