Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20231020-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    22/10/2023, 17:22

General

  • Target

    NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe

  • Size

    412KB

  • MD5

    7f96d04ce6ccd6b42ff1a4f8cdaab0a0

  • SHA1

    fb5611c00cdfde5b8ce380dcf29ce538ddc603b1

  • SHA256

    14382a6e4fdb61f1c84d4b05502fabcce8fc66ca89fe2a109ab648b384e02819

  • SHA512

    6aa3a94e668b0e69f4d760e4b3c737204cf242d31f9527005b1b05dcb4582f4292a9f9bbef287cfd7808763c827d842c0892ac70bbb50251fbd2f8f5ef686021

  • SSDEEP

    6144:SLH2rO/5jgKhGns79MdJCWwoSaRRcA6w3VTo3eGjGVHRxtUfEeXyMOBT5g5x++nm:S7nBJhGs7R9YTToJjG/ukeqbqCm4WO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Program Files (x86)\rmdszljucr\nnchcbevvfw.exe
      "C:\Program Files (x86)\rmdszljucr\nnchcbevvfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2744
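The process tree above is a plain drop-and-execute chain: the submitted sample (PID 1420, running from the user's %TEMP%) writes nnchcbevvfw.exe under C:\Program Files (x86)\rmdszljucr\ and launches it as PID 2744, which is exactly what the "Drops file in Program Files directory" and "Executes dropped EXE" signatures encode. The script below is an added example of how to reproduce that correlation on host telemetry; it is not part of the sandbox report. The event records are constructed by hand and modelled on Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) fields; only the two image paths, the two PIDs and the two SHA256 values are taken from this report. The explorer parent PID (4012) and the msiexec control events are assumptions added to show a benign drop-and-run shape being scored lower.

```python
"""Correlate FileCreate and ProcessCreate events to flag the
'Executes dropped EXE' / 'Drops file in Program Files directory' chain
seen in the report's process tree.

Added example, not sandbox output. Events below are constructed by hand,
modelled on Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate).
"""

from __future__ import annotations

# SHA256 IOCs copied from the report (submitted sample and dropped file).
KNOWN_SHA256 = {
    "14382a6e4fdb61f1c84d4b05502fabcce8fc66ca89fe2a109ab648b384e02819":
        "NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe",
    "3f94e249f55d34cd33b1a8005ce891e204b3741771b6fc2e8613e5c9421c6d8d":
        "nnchcbevvfw.exe",
}

# Lowercase path prefixes / markers used by the risk flags.
PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")

# Constructed events. PID 4012 and the msiexec pair (PIDs 5120/5316) are assumptions.
EVENTS = [
    {"EventID": 1, "ProcessId": 1420, "ParentProcessId": 4012,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe",
     "Hashes": "SHA256=14382A6E4FDB61F1C84D4B05502FABCCE8FC66CA89FE2A109AB648B384E02819"},
    {"EventID": 11, "ProcessId": 1420,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\NEAS.7f96d04ce6ccd6b42ff1a4f8cdaab0a0.exe",
     "TargetFilename": r"C:\Program Files (x86)\rmdszljucr\nnchcbevvfw.exe"},
    {"EventID": 1, "ProcessId": 2744, "ParentProcessId": 1420,
     "Image": r"C:\Program Files (x86)\rmdszljucr\nnchcbevvfw.exe",
     "Hashes": "SHA256=3F94E249F55D34CD33B1A8005CE891E204B3741771B6FC2E8613E5C9421C6D8D"},
    # Benign control (assumed): Windows Installer writes an EXE under Program Files
    # and runs it. Same shape, but the writer lives in System32 and the hash is unknown.
    {"EventID": 11, "ProcessId": 5120, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\ExampleApp\setup-helper.exe"},
    {"EventID": 1, "ProcessId": 5316, "ParentProcessId": 5120,
     "Image": r"C:\Program Files\ExampleApp\setup-helper.exe",
     "Hashes": "SHA256=" + "0" * 64},
]


def parse_hashes(field: str) -> dict[str, str]:
    """Split Sysmon's 'MD5=..,SHA256=..' field into {ALGO: lowercase hex}."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def find_dropped_exe_executions(events: list[dict]) -> list[dict]:
    """Return one finding per process whose image was written by its own parent."""
    created: dict[tuple[int, str], str] = {}   # (creator pid, path) -> creator image
    findings: list[dict] = []
    for ev in events:
        if ev["EventID"] == 11:
            created[(ev["ProcessId"], ev["TargetFilename"].lower())] = ev["Image"]
        elif ev["EventID"] == 1:
            key = (ev["ParentProcessId"], ev["Image"].lower())
            if key not in created:
                continue   # not launched by the process that wrote it
            dropper_image = created[key]
            sha256 = parse_hashes(ev.get("Hashes", "")).get("SHA256", "")
            findings.append({
                "dropper_pid": ev["ParentProcessId"],
                "dropper_image": dropper_image,
                "child_pid": ev["ProcessId"],
                "dropped_path": ev["Image"],
                "dropped_in_program_files": ev["Image"].lower().startswith(PROGRAM_FILES_PREFIXES),
                "dropper_in_user_writable": any(m in dropper_image.lower() for m in USER_WRITABLE_MARKERS),
                "ioc_match": KNOWN_SHA256.get(sha256),   # None when the hash is unknown
            })
    return findings


def score(finding: dict) -> int:
    """Additive risk score: executing a dropped EXE is 1, context adds the rest."""
    s = 1
    if finding["dropped_in_program_files"]:
        s += 1
    if finding["dropper_in_user_writable"]:
        s += 2
    if finding["ioc_match"]:
        s += 5
    return s


if __name__ == "__main__":
    for f in find_dropped_exe_executions(EVENTS):
        print(score(f), f["dropper_pid"], "->", f["child_pid"], f["dropped_path"], f["ioc_match"])
```

The correlation key is (parent PID, lowercased image path), so a process is only flagged when the process that wrote the file is also the one that spawned it. The constructed msiexec control still produces a finding (installers legitimately drop and run binaries under Program Files), which is why the score, not the match alone, drives triage: the report's chain scores 9 (user-writable dropper, Program Files target, known hash) against 2 for the control.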

Network

        Downloads

        • C:\Program Files (x86)\rmdszljucr\nnchcbevvfw.exe

          Filesize

          436KB

          MD5

          7ca9f3eb79365c4e8e4211daeeca3c5e

          SHA1

          27b883c11d3b6d43cbd1af49890d5ebbdcc6caee

          SHA256

          3f94e249f55d34cd33b1a8005ce891e204b3741771b6fc2e8613e5c9421c6d8d

          SHA512

          cd67055b7f4330b2b4ac2ad269d37223e06debfba033ff3785baae65fd03ded61cdb6b2aa3945d1e45569ca335c128e05009025a063a8d4904083258d796d229
        • memory/1420-0-0x0000000000400000-0x000000000048E000-memory.dmp

          Filesize

          568KB

        • memory/1420-1-0x0000000000400000-0x000000000048E000-memory.dmp

          Filesize

          568KB

        • memory/1420-6-0x0000000000400000-0x000000000048E000-memory.dmp

          Filesize

          568KB

        • memory/2744-8-0x0000000000400000-0x000000000048E000-memory.dmp

          Filesize

          568KB

        • memory/2744-9-0x0000000000400000-0x000000000048E000-memory.dmp

          Filesize

          568KB