Analysis

  • max time kernel
    172s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2023, 21:22

General

  • Target

    NEAS.6b1d60aa99642cc2ec8f135045b02060.exe

  • Size

    582KB

  • MD5

    6b1d60aa99642cc2ec8f135045b02060

  • SHA1

    9e1a0d02469b47f3478afe160d3d1c4b17d00128

  • SHA256

    25871bf8a488d6b5d30604bdb65a6f9b37dccf7914ec7ed7172214dde6db89b7

  • SHA512

    a56fede25faa21a180db5ac097265dac144f2deb99395ff353c56eba1e24ca085dfb40d6123aec118ac52ecd61c155098066ee20d51c81d79ce8a6b432221ef4

  • SSDEEP

    12288:wRCwxW0udWTRW8fdeAISKGKHgshux0wJmWsx6:NwxbuETRW8fdeAIS6AsLwJm1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6b1d60aa99642cc2ec8f135045b02060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6b1d60aa99642cc2ec8f135045b02060.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Users\Admin\AppData\Local\Temp\F30B.tmp
      C:\Users\Admin\AppData\Local\Temp\F30B.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:5060

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_809DE37BF6F91747203FF7559791C460

          Filesize

          471B

          MD5

          c97729e2b44e500be22bffd54e4bf58a

          SHA1

          78f4bbdc38ed588359887e051b306ba6c6c58082

          SHA256

          1816a9de15b036535c9c6ca3c344f8c6f640481517feb98048f86b1a47c2c9a8

          SHA512

          d25ac18030a0caf738e30cd5465bfbaf7e55b39e0b592870e77be89a32392e6275c1093809dad038ddbe39517731b00ef13ceb2e116de48134e5f021899873fd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

          Filesize

          471B

          MD5

          d5dca730df319f765eb1b1cee9c3708d

          SHA1

          933b4c5ceb314e4d8c2fc332355a9c17d7b2c0e5

          SHA256

          d3f39b6306671bf1eaae163b2c478e5e9900273187893da4eb8be7e72bcee2cc

          SHA512

          e20e60c3447b567a90deab7a554d631f1e70cad91933ffe9e2c8e1e1e8ad3102f1a5f27e92a9688c049b8fbe15d6d5070f246d874cb2853f7725a00622c02912

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_809DE37BF6F91747203FF7559791C460

          Filesize

          404B

          MD5

          5d7c60a56133fdfdcaa3f38b03eeb558

          SHA1

          545db7a232d193dfb7d87833a6a529f39fbf1848

          SHA256

          863cbaeb3391635479aa33c743af47350e5b3ff97c64b8b796c4760a3dd96844

          SHA512

          d2591662c0fbea5f8bd0aff58d97a4a58966449c751e64aa9b0877c2ffef01d91c47b81416c6b581fbbd5a3e33403154bca65910fa0643220e203b059668bb0d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

          Filesize

          412B

          MD5

          97e723031aa274b5147735ac6af483c0

          SHA1

          8fe4fc9033a0546fb83f964d568f9cae28a83848

          SHA256

          3a4eba2309d722830a3f0a5af740bd657e0ba237f0e722dad53c3cac99198081

          SHA512

          75db178c8a0299f5a39d8496ffc4fe8555103f77cbcbce5e04df5de1a543eb8859f03b26136fed321c6850cce8b2e0aac83a434c6bccbe47c002094eff1fa3a6

        • C:\Users\Admin\AppData\Local\Temp\F30B.tmp

          Filesize

          145KB

          MD5

          c610e7ccd6859872c585b2a85d7dc992

          SHA1

          362b3d4b72e3add687c209c79b500b7c6a246d46

          SHA256

          14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

          SHA512

          8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

        • C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg

          Filesize

          3KB

          MD5

          f99e2cb678a33310336f1375052e9ef5

          SHA1

          ae0b828f198d06240f27e21d727583034c99f445

          SHA256

          bf527c103bb330772aae2dfcfb9ffecf51840ac744560c45b575cedbdba4b66d

          SHA512

          661dca2b8802019a507abd6cf192cf209406498d0558137d7c0a24db8cb6edf072cf9fd4fca76107de0e0bba6b25c863b7c2dc50860b92039c6dc7879568ef78

        • C:\Users\Admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml

          Filesize

          17KB

          MD5

          7127539702867af35c2eb9757b191480

          SHA1

          b3b28103397d7bd2ef27010d5ea328ac047c6569

          SHA256

          ff14c841276ab90280ae4af4eaf2d7604e41e37d1925436a70f6faeda8e318f5

          SHA512

          12c124510b971e1ed546bb6d0276a327d8153bed6c96efa9a573190a37cccaca03338e5e219303094f4ef0895681776ac81dcee33d65009132747e4a8a9be2e0

        • memory/1084-1-0x0000000000660000-0x000000000069D000-memory.dmp

          Filesize

          244KB

        • memory/1084-0-0x0000000000660000-0x000000000069D000-memory.dmp

          Filesize

          244KB

        • memory/1084-10-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB

        • memory/1084-24-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB