Overview

overview

7

Static

static

3

NEAS.a0c8b...10.exe

windows7-x64

7

NEAS.a0c8b...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2023, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe

  • Size

    8.9MB

  • MD5

    a0c8b556a59d0cf9a69a4e99bb545c10

  • SHA1

    e55881f7523428b63674ffc6841de2e6b25a7d32

  • SHA256

    d035131d83f6b4b99abc7c048df6dafa7971a320ff665ed75ca8061aeff52149

  • SHA512

    d20023339f3ea75431b89ac74c78f633cfb191b22134e4b876475df2e5a82ac12eb7ea9b8fd46d49ab917ca1b472a3c32561138fc79f07f5a7909c0807364b01

  • SSDEEP

    98304:nllllllllllllllllllllllllllllllllllllllH:D

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe"
    1⤵
    • Drops file in System32 directory
    PID:3944
  • C:\Windows\SysWOW64\svrwsc.exe
    C:\Windows\SysWOW64\svrwsc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:3084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\svrwsc.exe
    Filesize

    9.2MB

    MD5

    21d09ef5a86025ef45664b6d304ce3dc

    SHA1

    d71c353a3c23e96ddd200de4b7dfc8cfc64142a0

    SHA256

    18c92d9fcdcabcb5b8639a98d4002adf5575fae9489a5fd6fe38193743db1f10

    SHA512

    09625e534aa11ada51b1fe0b4c31188b6c09fa4a48b2420c6eabee90bd82d1c93cb74511e394cbf1c29d0db8343d50d60695b04a7b95b805f96276b9c77401cb

    Download Submit

  • C:\Windows\SysWOW64\svrwsc.exe
    Filesize

    9.2MB

    MD5

    21d09ef5a86025ef45664b6d304ce3dc

    SHA1

    d71c353a3c23e96ddd200de4b7dfc8cfc64142a0

    SHA256

    18c92d9fcdcabcb5b8639a98d4002adf5575fae9489a5fd6fe38193743db1f10

    SHA512

    09625e534aa11ada51b1fe0b4c31188b6c09fa4a48b2420c6eabee90bd82d1c93cb74511e394cbf1c29d0db8343d50d60695b04a7b95b805f96276b9c77401cb

    Download Submit

  • memory/3084-5-0x00000000001F0000-0x00000000001F5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3084-7-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3084-9-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3944-0-0x00000000007D0000-0x00000000007D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3944-1-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3944-8-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download