7a2de6fda266285ff8d3936f4dc3ed45f48ddb2ce5875fb5319e10df3c0534d2

Analysis

max time kernel
186s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.51923ef9ecb378aabcb50794a3407130.exe
Size

884KB
MD5

51923ef9ecb378aabcb50794a3407130
SHA1

e1c9af838854ed299f607e5b082d2d3216cf18ff
SHA256

7a2de6fda266285ff8d3936f4dc3ed45f48ddb2ce5875fb5319e10df3c0534d2
SHA512

d1f8bb5b5ad27b6ff95ca2c40699f2df9e54abbbb67f0603eb2918297ecfa9f141823fdefeecafad263c954b4f3bd98dc4f9ccac157bac34120d7693b6a0d183
SSDEEP

24576:hzouMNnkT0Oz9eT1VIHg4YnXUUqHxJV9yNxxG1BuQdG4WMRHss9UAjYwV6UabxXC:FFjfJLYA

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1032	NEAS.51923ef9ecb378aabcb50794a3407130.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.51923ef9ecb378aabcb50794a3407130.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.51923ef9ecb378aabcb50794a3407130.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-0-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1032-1-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-2-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-3-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1032-4-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-5-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-6-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-7-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-8-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-9-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-10-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-11-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-12-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-13-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-14-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-15-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1032-16-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download