579b87c12d3f0367c512b2e76086683c20dc5d4d7f14d88269848b65bb364d63

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe
Size

2.6MB
MD5

99f461a059bcaf5ff19971e4c5eab1d0
SHA1

61561e97983d2408318923b3577dce10b1f2c368
SHA256

579b87c12d3f0367c512b2e76086683c20dc5d4d7f14d88269848b65bb364d63
SHA512

30794d1d2479485d60b2b61044a46f3aed330eac38122e2398dd4784dc0029d81b159e3dad7c9becb7ea28f001e681f9de75ad9e4cf1a4e7ab712adc65cd5965
SSDEEP

49152:j1OsL2YsL2oaLeTszEjYNFIPhez4pj1dXOlk6By7g4dsB7BXGhb:j1OpayTsAtPQmClp0gf2J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	Install.exe

Loads dropped DLL 3 IoCs

pid	Process
2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe
2648	Install.exe
2648	Install.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2648	Install.exe
2648	Install.exe
2648	Install.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2648	Install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28
PID 2924 wrote to memory of 2648	2924	NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.99f461a059bcaf5ff19971e4c5eab1d0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe
  .\Install.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe

Filesize
1.2MB

MD5
5299cd1367e7043e83b77ae5b5cadeec

SHA1
f2a2f1fe5045ca20887905c1615f15af071a0466

SHA256
d002709398ae113b79dd001255f4077c8123392423e6138b891dfaae0568083a

SHA512
83e1686ae781695bcd140e2b2965e91c514310e536a10326c76e59db2f40ada8cd43fcd4675f0e77fb40c1cda0e27c0f5b32c762cc0ab8659ebc8c9eaeacdd67

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe

Filesize
1.2MB

MD5
5299cd1367e7043e83b77ae5b5cadeec

SHA1
f2a2f1fe5045ca20887905c1615f15af071a0466

SHA256
d002709398ae113b79dd001255f4077c8123392423e6138b891dfaae0568083a

SHA512
83e1686ae781695bcd140e2b2965e91c514310e536a10326c76e59db2f40ada8cd43fcd4675f0e77fb40c1cda0e27c0f5b32c762cc0ab8659ebc8c9eaeacdd67

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\files\NetPanel.ini

Filesize
336B

MD5
69bf3383fe82fc8789c8fcbf288e2c7d

SHA1
af527e12dbd6bee2e6c7f047c9810e4da7ceda6b

SHA256
db2ed95a4e64500fd8bf672ca548b0538f5c599ca34b6a1fad67d79ee2b81cf6

SHA512
d45a8240b7399dc6e0a83e38c4e4a4fddad1bf35e0a0afa8495a680f0189b2002c9e29da4c123b72b1bc1a98eec94e08d3d027399a85a58b36cc7da87d650cb5

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe

Filesize
1.2MB

MD5
5299cd1367e7043e83b77ae5b5cadeec

SHA1
f2a2f1fe5045ca20887905c1615f15af071a0466

SHA256
d002709398ae113b79dd001255f4077c8123392423e6138b891dfaae0568083a

SHA512
83e1686ae781695bcd140e2b2965e91c514310e536a10326c76e59db2f40ada8cd43fcd4675f0e77fb40c1cda0e27c0f5b32c762cc0ab8659ebc8c9eaeacdd67

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe

Filesize
1.2MB

MD5
5299cd1367e7043e83b77ae5b5cadeec

SHA1
f2a2f1fe5045ca20887905c1615f15af071a0466

SHA256
d002709398ae113b79dd001255f4077c8123392423e6138b891dfaae0568083a

SHA512
83e1686ae781695bcd140e2b2965e91c514310e536a10326c76e59db2f40ada8cd43fcd4675f0e77fb40c1cda0e27c0f5b32c762cc0ab8659ebc8c9eaeacdd67

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4EBC.tmp\Install.exe

Filesize
1.2MB

MD5
5299cd1367e7043e83b77ae5b5cadeec

SHA1
f2a2f1fe5045ca20887905c1615f15af071a0466

SHA256
d002709398ae113b79dd001255f4077c8123392423e6138b891dfaae0568083a

SHA512
83e1686ae781695bcd140e2b2965e91c514310e536a10326c76e59db2f40ada8cd43fcd4675f0e77fb40c1cda0e27c0f5b32c762cc0ab8659ebc8c9eaeacdd67

Download Submit