9c6723a21f27ea812c2f9090fef50b91a7cddba6942ed30486fae981938e2fc2

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.301c96f73086dea3d683209bdf31af90.exe
Size

29KB
MD5

301c96f73086dea3d683209bdf31af90
SHA1

ab5e9d865e605be0bbffbc2852b53dcd87f6bb48
SHA256

9c6723a21f27ea812c2f9090fef50b91a7cddba6942ed30486fae981938e2fc2
SHA512

b9a520cfd0bb12af408af9c7116fe6593475aa2576de48bf4a04e89c651def5769b948263e6a640a633efc341f0d2fa35c8fe1c711af80a18d53ed401c92ba62
SSDEEP

384:UzITvSruyioUHFMvezAls1oKCIFVbLOh1foJHe8FhH8KqY10Fz:UMTx4USGzAlsyKCIFIh1fUzHUBz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2380	kgfdfjdk.exe

Loads dropped DLL 2 IoCs

pid	Process
2248	NEAS.301c96f73086dea3d683209bdf31af90.exe
2248	NEAS.301c96f73086dea3d683209bdf31af90.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2380	2248	NEAS.301c96f73086dea3d683209bdf31af90.exe	28
PID 2248 wrote to memory of 2380	2248	NEAS.301c96f73086dea3d683209bdf31af90.exe	28
PID 2248 wrote to memory of 2380	2248	NEAS.301c96f73086dea3d683209bdf31af90.exe	28
PID 2248 wrote to memory of 2380	2248	NEAS.301c96f73086dea3d683209bdf31af90.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.301c96f73086dea3d683209bdf31af90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.301c96f73086dea3d683209bdf31af90.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
  "C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe"
  2⤵
  - Executes dropped EXE
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
a1b48051b83ca8fb9d8842b1ef2942bc

SHA1
eda68267d7d02c6c5a797ccb16a75b0a3cbcd4cc

SHA256
29da84fc58aac06d7f003ab05b5c9b3fdae8c2bfff63e8af190da7a1ee86deba

SHA512
7493a07ddc5b3bd812fcc12a7243b3529f2000ac05cdef964584e4c56a59532742da6a9baaa76224d86893b285024c717301258af62846abf5ca2cb9488e7f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
a1b48051b83ca8fb9d8842b1ef2942bc

SHA1
eda68267d7d02c6c5a797ccb16a75b0a3cbcd4cc

SHA256
29da84fc58aac06d7f003ab05b5c9b3fdae8c2bfff63e8af190da7a1ee86deba

SHA512
7493a07ddc5b3bd812fcc12a7243b3529f2000ac05cdef964584e4c56a59532742da6a9baaa76224d86893b285024c717301258af62846abf5ca2cb9488e7f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
a1b48051b83ca8fb9d8842b1ef2942bc

SHA1
eda68267d7d02c6c5a797ccb16a75b0a3cbcd4cc

SHA256
29da84fc58aac06d7f003ab05b5c9b3fdae8c2bfff63e8af190da7a1ee86deba

SHA512
7493a07ddc5b3bd812fcc12a7243b3529f2000ac05cdef964584e4c56a59532742da6a9baaa76224d86893b285024c717301258af62846abf5ca2cb9488e7f2c

Download Submit
\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
a1b48051b83ca8fb9d8842b1ef2942bc

SHA1
eda68267d7d02c6c5a797ccb16a75b0a3cbcd4cc

SHA256
29da84fc58aac06d7f003ab05b5c9b3fdae8c2bfff63e8af190da7a1ee86deba

SHA512
7493a07ddc5b3bd812fcc12a7243b3529f2000ac05cdef964584e4c56a59532742da6a9baaa76224d86893b285024c717301258af62846abf5ca2cb9488e7f2c

Download Submit
\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
a1b48051b83ca8fb9d8842b1ef2942bc

SHA1
eda68267d7d02c6c5a797ccb16a75b0a3cbcd4cc

SHA256
29da84fc58aac06d7f003ab05b5c9b3fdae8c2bfff63e8af190da7a1ee86deba

SHA512
7493a07ddc5b3bd812fcc12a7243b3529f2000ac05cdef964584e4c56a59532742da6a9baaa76224d86893b285024c717301258af62846abf5ca2cb9488e7f2c

Download Submit