52db7f9e29cd8d47d11bfd67d30069311ea8b8a38004f942376277425e81fa27

Analysis

max time kernel
150s
max time network
159s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe
Size

42KB
MD5

1fde17f44dbb12ac57886d26ad5eabc0
SHA1

f1575087492325853e957e9abecea68f889f92a1
SHA256

52db7f9e29cd8d47d11bfd67d30069311ea8b8a38004f942376277425e81fa27
SHA512

10c861bb346a323e88d444f3e620a61b79f4069ed3e7ef3b98fa969ca88ff3cbbcbd4869505797bc6aee352336047fa0b80f60c929cf70b9f6a9134a0718c7c9
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6D8jnPxBFH:bIDOw9a0Dwo3P1ojvUSD4PXFH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1612	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2044	NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1612	2044	NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe	28
PID 2044 wrote to memory of 1612	2044	NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe	28
PID 2044 wrote to memory of 1612	2044	NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe	28
PID 2044 wrote to memory of 1612	2044	NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1fde17f44dbb12ac57886d26ad5eabc0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
42KB

MD5
9cef4d413ae845ed6bedf3813ae707c8

SHA1
c5b406977f485cfea5775eb1afbe3f03c083ab6d

SHA256
cdd18e0f330f5fa8e14f9095d61c22722fe1fc86f314135770e28798847e5069

SHA512
03259ff7c64c9392add7d10fdb24a11075b62af5030dd9c5b4c443ba329a77a27851e9293d92dc998eafc001376bc0331db77d3cbd46629ee165dee3a7930184

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
42KB

MD5
9cef4d413ae845ed6bedf3813ae707c8

SHA1
c5b406977f485cfea5775eb1afbe3f03c083ab6d

SHA256
cdd18e0f330f5fa8e14f9095d61c22722fe1fc86f314135770e28798847e5069

SHA512
03259ff7c64c9392add7d10fdb24a11075b62af5030dd9c5b4c443ba329a77a27851e9293d92dc998eafc001376bc0331db77d3cbd46629ee165dee3a7930184

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
42KB

MD5
9cef4d413ae845ed6bedf3813ae707c8

SHA1
c5b406977f485cfea5775eb1afbe3f03c083ab6d

SHA256
cdd18e0f330f5fa8e14f9095d61c22722fe1fc86f314135770e28798847e5069

SHA512
03259ff7c64c9392add7d10fdb24a11075b62af5030dd9c5b4c443ba329a77a27851e9293d92dc998eafc001376bc0331db77d3cbd46629ee165dee3a7930184

Download Submit
memory/1612-16-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1612-15-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2044-0-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2044-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2044-1-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download