9843515aa7944055409c493046726f82c5639c1e2075403c169b1e8a5cba29cf

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
Size

826KB
MD5

1a3dacf44fa75d542a4a4b11533b03d0
SHA1

eb203719ce6e28cd5f0dc2b318b666d090e64198
SHA256

9843515aa7944055409c493046726f82c5639c1e2075403c169b1e8a5cba29cf
SHA512

b2c2ac760b0c328303f9f085a939afe678a5948c1805e2f8203d2c4fc2b74389f3cbd5f7cc111f7c9df975c02c9db018d67a1c4fac8259ecb5c2531ef10f2a70
SSDEEP

24576:XAQoDefT6HesrQrSDZhyZ+aan+mMfqZaRfA5W:XAcGHC2ZUZ+umWeay5W

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
5732	NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1a3dacf44fa75d542a4a4b11533b03d0.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BDU.ini

Filesize
1KB

MD5
ef956e51fe54f7b22b36a6d8122ffd55

SHA1
8268906695de757bec6c01734b9963cc541d1311

SHA256
6fc89dd73f7b954a46a9e8f5191bcc65a2774393199ead66e0dff09e54b73ae3

SHA512
8ccd78473e6c5a4b2358cc3e5a866a452b7cf3fe5ee375b9b65d5a56d866fa5a63b0ae6c5769740e24d7f7771243a072b3e4ffaec1ede2f6155da0b7fd82a76d

Download Submit