Overview

overview

10

Static

static

3

NEAS.97e56...60.exe

windows7-x64

10

NEAS.97e56...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    31/10/2023, 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.97e56aa309979f8c89fdb79dc1b16a60.exe

  • Size

    209KB

  • MD5

    97e56aa309979f8c89fdb79dc1b16a60

  • SHA1

    6e761078382e7380d97737c4b00d48c77c799803

  • SHA256

    7d5c270146fcd8c9842329173325627720b0044afbbe18aa9284b11fbaded2c9

  • SHA512

    eb35751b2acbd071cb68e3ea69cf43fd59c86d447830a55d5e0adc84d9bf13c17474e7b7918a69e1242843241ed85ca2aa9ccde2f7b081f77049f0d5604aea96

  • SSDEEP

    6144:Z731bdBaHdcpHo9fv85syGUnCA2Gs4a3GhV:Z1bucp+fv85syQtGsCV

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.97e56aa309979f8c89fdb79dc1b16a60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.97e56aa309979f8c89fdb79dc1b16a60.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX8C2B.tmp
    Filesize

    61KB

    MD5

    cb2b9a8ea0f5ac58e3b1ff5d21a6092a

    SHA1

    ac01980900d7f76c1f02c0fc010dfc2b76e7f6c7

    SHA256

    6331d18b028f8ac60b9b333156855fa627344a3c649b71f7c733841f711ee7e8

    SHA512

    214847ffe1da22ddcb635b583d0dcdf1f77ca66cbd1f6f356feba879cbc7894067b0af776a101349f8d9a405333aeae06a8d33cd1b5249412989494318c77f2a

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    567KB

    MD5

    3ba8e787d4fd5ce7a271651a1ca0e728

    SHA1

    0b63a243fa1cdf45f91b7e42a9aae58ada493e5f

    SHA256

    d2f9f42351ae767d973744dd4b40685441dc5f68b98f3b2d55a2e17a4bb7b711

    SHA512

    bc825310bb28791f68e2cbedca18aca4da3402530305449138a4027f41b98edd1350c8292202d8967f803b61310f33fd3f42803e47fd9ff22e53d04b9ca1e04d

    Download Submit

  • memory/2652-115-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-116-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-111-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-112-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-113-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-114-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-33-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-110-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-117-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-118-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-119-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-120-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-121-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2652-122-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download