6344e2374ab2c6fa25295db13f25eb83e0411968798bb0cda61ce1f5cc4a3d07

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.5e1747e390235c6cacaf3d2b068ba050.exe
Size

888KB
MD5

5e1747e390235c6cacaf3d2b068ba050
SHA1

59173dcdcc853ea2dfce51907aa4b58655f59789
SHA256

6344e2374ab2c6fa25295db13f25eb83e0411968798bb0cda61ce1f5cc4a3d07
SHA512

8c58177b4a1ca6120bacd5821672ec782e9758ce242c4dc5e33ed7111886aae49f9d5194274affd011a4a3cd08a21eece3fcc2d32f0fa72c508e08551d8623ea
SSDEEP

6144:JQGy5HRVQq9AUTiu88UlJK5qXY3g7wCMTz75ZcwABrxxJa/YES8P:JQGyXSq9XU8UlJxwg8756jlDa/ZS8P

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Executes dropped EXE 1 IoCs

pid	Process
2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Loads dropped DLL 4 IoCs

pid	Process
2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2348	2856	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2856	2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	29
PID 2136 wrote to memory of 2856	2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	29
PID 2136 wrote to memory of 2856	2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	29
PID 2136 wrote to memory of 2856	2136	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	29
PID 2856 wrote to memory of 2348	2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	30
PID 2856 wrote to memory of 2348	2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	30
PID 2856 wrote to memory of 2348	2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	30
PID 2856 wrote to memory of 2348	2856	NEAS.5e1747e390235c6cacaf3d2b068ba050.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Filesize
888KB

MD5
839f733cecf8bb0366077de926d4cc99

SHA1
f35632b427a1406b9334c3281ef3e9b2e8564a86

SHA256
b5513ff3df4fae0d4f85312865963275fa4f5323c5a53790e59bb1d92ec16d46

SHA512
e9ac3d77a5e76503253918314c0aba9e4aae4cb822253648cf9ce924712897ded200b04e416a589a2a819d1ea1850116ca27fb3a793fd23bd9016be157afcf13

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Filesize
888KB

MD5
839f733cecf8bb0366077de926d4cc99

SHA1
f35632b427a1406b9334c3281ef3e9b2e8564a86

SHA256
b5513ff3df4fae0d4f85312865963275fa4f5323c5a53790e59bb1d92ec16d46

SHA512
e9ac3d77a5e76503253918314c0aba9e4aae4cb822253648cf9ce924712897ded200b04e416a589a2a819d1ea1850116ca27fb3a793fd23bd9016be157afcf13

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Filesize
888KB

MD5
839f733cecf8bb0366077de926d4cc99

SHA1
f35632b427a1406b9334c3281ef3e9b2e8564a86

SHA256
b5513ff3df4fae0d4f85312865963275fa4f5323c5a53790e59bb1d92ec16d46

SHA512
e9ac3d77a5e76503253918314c0aba9e4aae4cb822253648cf9ce924712897ded200b04e416a589a2a819d1ea1850116ca27fb3a793fd23bd9016be157afcf13

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Filesize
888KB

MD5
839f733cecf8bb0366077de926d4cc99

SHA1
f35632b427a1406b9334c3281ef3e9b2e8564a86

SHA256
b5513ff3df4fae0d4f85312865963275fa4f5323c5a53790e59bb1d92ec16d46

SHA512
e9ac3d77a5e76503253918314c0aba9e4aae4cb822253648cf9ce924712897ded200b04e416a589a2a819d1ea1850116ca27fb3a793fd23bd9016be157afcf13

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.5e1747e390235c6cacaf3d2b068ba050.exe

Filesize
888KB

MD5
839f733cecf8bb0366077de926d4cc99

SHA1
f35632b427a1406b9334c3281ef3e9b2e8564a86

SHA256
b5513ff3df4fae0d4f85312865963275fa4f5323c5a53790e59bb1d92ec16d46

SHA512
e9ac3d77a5e76503253918314c0aba9e4aae4cb822253648cf9ce924712897ded200b04e416a589a2a819d1ea1850116ca27fb3a793fd23bd9016be157afcf13

Download Submit
memory/2136-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2136-6-0x00000000030C0000-0x00000000031A8000-memory.dmp

Filesize
928KB

Download
memory/2136-8-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2856-10-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2856-11-0x0000000002E00000-0x0000000002EE8000-memory.dmp

Filesize
928KB

Download
memory/2856-15-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download