ac97ab4e781aceabffd92a3935d3f87bf3f1f986f8f4cbddf204d93c64dca01b

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.e003e3973aaf0bbc3201c55d9a635300.exe
Size

478KB
MD5

e003e3973aaf0bbc3201c55d9a635300
SHA1

916c6d2dcd07941e13e19a922168b82e057f70c4
SHA256

ac97ab4e781aceabffd92a3935d3f87bf3f1f986f8f4cbddf204d93c64dca01b
SHA512

eaabaf9e482c24b89a9ce499f6443afaff8b85cc04d745de1b372388f6c31c134eaf8e44c2518fbc65364f7d28562f22759eff3533ca628574cfbac21dadf6b1
SSDEEP

12288:QH3+eU1ZUzNDqb/QwSNVEF+0k85lCk40/T7l:QH3+qzm/Guk85l34oTx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2920	NEAS.e003e3973aaf0bbc3201c55d9a635300.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	NEAS.e003e3973aaf0bbc3201c55d9a635300.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\NEAS.e003e3973aaf0bbc3201c55d9a635300.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e003e3973aaf0bbc3201c55d9a635300.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst8DFF.tmp\utility.dll

Filesize
70KB

MD5
0159565753291e23747282a71ea8d78e

SHA1
a0a3ba463d302eaaec81625b1cdd7a586851f4b9

SHA256
c9f26b7b60e9f71cbd2cf3a3a2f7754fd492004165a764a4e3bd22b53b49a4b9

SHA512
f74134495f7a7e83e5a68e76555b97d7a314b0b664a7f3171a79da880a29c7e63ce066c8d85063ce2cfaef1eab18cca164bf18b1b2396025e92c144b35480ec0

Download Submit
\Users\Admin\AppData\Local\Temp\nst8DFF.tmp\utility.dll

Filesize
70KB

MD5
0159565753291e23747282a71ea8d78e

SHA1
a0a3ba463d302eaaec81625b1cdd7a586851f4b9

SHA256
c9f26b7b60e9f71cbd2cf3a3a2f7754fd492004165a764a4e3bd22b53b49a4b9

SHA512
f74134495f7a7e83e5a68e76555b97d7a314b0b664a7f3171a79da880a29c7e63ce066c8d85063ce2cfaef1eab18cca164bf18b1b2396025e92c144b35480ec0

Download Submit