6f8771f95b07ab66bfae9fe569d52dc190b27cd2adcb59cfe0dd5ff42b3a7cac

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.12f59381cc1ae12c41ce96528aca0200.exe
Size

14KB
MD5

12f59381cc1ae12c41ce96528aca0200
SHA1

c441476c1ba140a02cda4c8e8988b1cedffe69a9
SHA256

6f8771f95b07ab66bfae9fe569d52dc190b27cd2adcb59cfe0dd5ff42b3a7cac
SHA512

b4ee49ca1ce3b87979f10826a8dca7fa23163cfedd3fe09df74ab7ffb7f29419403f67ec34b93fe8ceadc268396273a7abf701b482286bf1b683c41d8c2474e5
SSDEEP

192:X4NPnwR2QSseDgp7X2GFUat/NRg/tAVFNzlBTo:XaPnwR25seDgp7BNR7lB8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	hots.exe

Loads dropped DLL 2 IoCs

pid	Process
2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe
2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2520	2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe	28
PID 2208 wrote to memory of 2520	2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe	28
PID 2208 wrote to memory of 2520	2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe	28
PID 2208 wrote to memory of 2520	2208	NEAS.12f59381cc1ae12c41ce96528aca0200.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.12f59381cc1ae12c41ce96528aca0200.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.12f59381cc1ae12c41ce96528aca0200.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\hots.exe
  "C:\Users\Admin\AppData\Local\Temp\hots.exe"
  2⤵
  - Executes dropped EXE
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hots.exe

Filesize
14KB

MD5
79bdec556b86c0e3ebcc1f10fc8f409e

SHA1
57832b895bb35cf0f05b1e4ed4dba5cd59f1aa7a

SHA256
69dd59f896da9b50bf1d23361fa69d0e8e796de5ab34627dd82797639a0dff6a

SHA512
caa03f832f5f7dfb37f0b9be699c8eff40660ca54e0098089ca7d4b2123541acbf2279a3a25b347feb25f53fd4dc0d4110cc8a7a20a22b98b94433bf3712de0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hots.exe

Filesize
14KB

MD5
79bdec556b86c0e3ebcc1f10fc8f409e

SHA1
57832b895bb35cf0f05b1e4ed4dba5cd59f1aa7a

SHA256
69dd59f896da9b50bf1d23361fa69d0e8e796de5ab34627dd82797639a0dff6a

SHA512
caa03f832f5f7dfb37f0b9be699c8eff40660ca54e0098089ca7d4b2123541acbf2279a3a25b347feb25f53fd4dc0d4110cc8a7a20a22b98b94433bf3712de0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hots.exe

Filesize
14KB

MD5
79bdec556b86c0e3ebcc1f10fc8f409e

SHA1
57832b895bb35cf0f05b1e4ed4dba5cd59f1aa7a

SHA256
69dd59f896da9b50bf1d23361fa69d0e8e796de5ab34627dd82797639a0dff6a

SHA512
caa03f832f5f7dfb37f0b9be699c8eff40660ca54e0098089ca7d4b2123541acbf2279a3a25b347feb25f53fd4dc0d4110cc8a7a20a22b98b94433bf3712de0c

Download Submit
\Users\Admin\AppData\Local\Temp\hots.exe

Filesize
14KB

MD5
79bdec556b86c0e3ebcc1f10fc8f409e

SHA1
57832b895bb35cf0f05b1e4ed4dba5cd59f1aa7a

SHA256
69dd59f896da9b50bf1d23361fa69d0e8e796de5ab34627dd82797639a0dff6a

SHA512
caa03f832f5f7dfb37f0b9be699c8eff40660ca54e0098089ca7d4b2123541acbf2279a3a25b347feb25f53fd4dc0d4110cc8a7a20a22b98b94433bf3712de0c

Download Submit
\Users\Admin\AppData\Local\Temp\hots.exe

Filesize
14KB

MD5
79bdec556b86c0e3ebcc1f10fc8f409e

SHA1
57832b895bb35cf0f05b1e4ed4dba5cd59f1aa7a

SHA256
69dd59f896da9b50bf1d23361fa69d0e8e796de5ab34627dd82797639a0dff6a

SHA512
caa03f832f5f7dfb37f0b9be699c8eff40660ca54e0098089ca7d4b2123541acbf2279a3a25b347feb25f53fd4dc0d4110cc8a7a20a22b98b94433bf3712de0c

Download Submit