Overview

overview

7

Static

static

3

NEAS.67f6d...70.exe

windows7-x64

7

NEAS.67f6d...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2023, 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.67f6dc87ac43716022e9a4522d6a5670.exe

  • Size

    89KB

  • MD5

    67f6dc87ac43716022e9a4522d6a5670

  • SHA1

    667bd7735493111af2f2ee58463eeabb974dc500

  • SHA256

    32e44400d1be59d33b5523157d730027b90acad2b08ab83c29d50e0735ca8e3e

  • SHA512

    a1b1fe3435b9f89158091cf9c6a691cda55a514324bfe77e28a0dfd786d49de555b86d7d0dd44d6cf54e621b840fcbda9ea399514ed8132b7b19d889224768bb

  • SSDEEP

    768:epGH/U+JdMk7JwOeUsCPxKcTFv4LdYPofXKCC6FQxB:eY9vZ7J8CJKcT6JWov8y4B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.67f6dc87ac43716022e9a4522d6a5670.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.67f6dc87ac43716022e9a4522d6a5670.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system\smss.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4896
      • C:\Windows\system\smss.exe
        C:\Windows\system\smss.exe
        3⤵
        • Executes dropped EXE
        PID:1232
  • C:\Windows\system\smss.exe
    C:\Windows\system\smss.exe
    1⤵
    • Executes dropped EXE
    PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\smss.exe
    Filesize

    89KB

    MD5

    67f6dc87ac43716022e9a4522d6a5670

    SHA1

    667bd7735493111af2f2ee58463eeabb974dc500

    SHA256

    32e44400d1be59d33b5523157d730027b90acad2b08ab83c29d50e0735ca8e3e

    SHA512

    a1b1fe3435b9f89158091cf9c6a691cda55a514324bfe77e28a0dfd786d49de555b86d7d0dd44d6cf54e621b840fcbda9ea399514ed8132b7b19d889224768bb

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    89KB

    MD5

    67f6dc87ac43716022e9a4522d6a5670

    SHA1

    667bd7735493111af2f2ee58463eeabb974dc500

    SHA256

    32e44400d1be59d33b5523157d730027b90acad2b08ab83c29d50e0735ca8e3e

    SHA512

    a1b1fe3435b9f89158091cf9c6a691cda55a514324bfe77e28a0dfd786d49de555b86d7d0dd44d6cf54e621b840fcbda9ea399514ed8132b7b19d889224768bb

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    89KB

    MD5

    67f6dc87ac43716022e9a4522d6a5670

    SHA1

    667bd7735493111af2f2ee58463eeabb974dc500

    SHA256

    32e44400d1be59d33b5523157d730027b90acad2b08ab83c29d50e0735ca8e3e

    SHA512

    a1b1fe3435b9f89158091cf9c6a691cda55a514324bfe77e28a0dfd786d49de555b86d7d0dd44d6cf54e621b840fcbda9ea399514ed8132b7b19d889224768bb

    Download Submit

  • C:\Windows\system\smss.exe
    Filesize

    89KB

    MD5

    67f6dc87ac43716022e9a4522d6a5670

    SHA1

    667bd7735493111af2f2ee58463eeabb974dc500

    SHA256

    32e44400d1be59d33b5523157d730027b90acad2b08ab83c29d50e0735ca8e3e

    SHA512

    a1b1fe3435b9f89158091cf9c6a691cda55a514324bfe77e28a0dfd786d49de555b86d7d0dd44d6cf54e621b840fcbda9ea399514ed8132b7b19d889224768bb

    Download Submit

  • memory/1232-17-0x0000000014000000-0x0000000014019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2744-18-0x0000000014000000-0x0000000014019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3760-0-0x0000000014000000-0x0000000014019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3760-12-0x0000000014000000-0x0000000014019000-memory.dmp

    Filesize

    100KB

    Download