Overview

overview

7

Static

static

3

NEAS.2b73e...70.exe

windows7-x64

7

NEAS.2b73e...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2023, 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2b73e6da4c64dd865bf258fc8b8d0270.exe

  • Size

    500KB

  • MD5

    2b73e6da4c64dd865bf258fc8b8d0270

  • SHA1

    12410e0681b7b72322639870bd642d6c40db63d9

  • SHA256

    fe3119e62a9370fbd5761ae69022564e872cb8854b176df7dcab5ea6515dd489

  • SHA512

    ea920324f751162df0de37e0dc374d00dca857de69df7da0b34d3364c0fcd4c9730bdb5a4445c0a3bd24ff162f740c467b49b157233f4ff102e70f1a7c3d01f1

  • SSDEEP

    12288:8WBm+95nHfF2mgewFx5wGMpH9Fkyac1H1kfgjdkA:8WBz95ndbgfx5HMvFva3gjT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2b73e6da4c64dd865bf258fc8b8d0270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2b73e6da4c64dd865bf258fc8b8d0270.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Users\Admin\AppData\Local\Temp\3A.tmp
      "C:\Users\Admin\AppData\Local\Temp\3A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\NEAS.2b73e6da4c64dd865bf258fc8b8d0270.exe 0EE5C0F11C3561BEA847B90CB341EB85F8FB8D1CD9DD430A7AC8D52E8D13DD42B71FEDF1C75CE6AB1EDBB829E093D6D37EAB9FED29B5B7A349509DB39ACA23F4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3A.tmp
    Filesize

    500KB

    MD5

    b71c1f36d04be250dce21b54c82d7e2e

    SHA1

    3ba523763fbe89cc93560aa6575349b7bce68067

    SHA256

    4e2bef60a71f4655242620aa832f9f388f507f2c9e709a499bde2e4113e5fc68

    SHA512

    b0767402aaa9366c1f3e8888747590e908d5d1ead6a90cfd158d1fcb06fb92e2693d71c09e1e34ed66221754fd0bef1dfb8cb1b3fe86ae742e05b9a08bbd5018

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3A.tmp
    Filesize

    500KB

    MD5

    b71c1f36d04be250dce21b54c82d7e2e

    SHA1

    3ba523763fbe89cc93560aa6575349b7bce68067

    SHA256

    4e2bef60a71f4655242620aa832f9f388f507f2c9e709a499bde2e4113e5fc68

    SHA512

    b0767402aaa9366c1f3e8888747590e908d5d1ead6a90cfd158d1fcb06fb92e2693d71c09e1e34ed66221754fd0bef1dfb8cb1b3fe86ae742e05b9a08bbd5018

    Download Submit

  • memory/380-6-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/380-7-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/4196-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/4196-5-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download