Overview

overview

3

Static

static

3

NEAS.9a4b8...40.exe

windows7-x64

1

NEAS.9a4b8...40.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2023, 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.9a4b8c4045d7acdf38c55ca48e46e040.exe

  • Size

    14KB

  • MD5

    9a4b8c4045d7acdf38c55ca48e46e040

  • SHA1

    efce5d5b38d95fb605d7c8a36ca0cf2819c73309

  • SHA256

    fd8ba157f2bcef1e0127ebe0431ec9fe960be13e44ed62a13db74eedad3e48f0

  • SHA512

    19a84a45e4e3f60ab67afaa3800ffd890802be09731cba4cfa74239b57a9dd0d321d96862a5f670c01059081844eab7dc8f201df37a83659eda8c5efc0dd6519

  • SSDEEP

    384:Ep1aDAmvvvvvvvvvvvvvvlnwYyODE045H:Ep1ac2LNA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9a4b8c4045d7acdf38c55ca48e46e040.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9a4b8c4045d7acdf38c55ca48e46e040.exe"
    1⤵
      PID:1348
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        2⤵
        • Program crash
        PID:3428
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1348 -ip 1348
      1⤵
        PID:1380
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:4792
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2040

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
          Filesize

          16KB

          MD5

          7bb6ceae9bc55cbff1a09bb5a834f40e

          SHA1

          1203bc55e405c7b2a9c279f7c7db0b3bb8d7d4a8

          SHA256

          53f2cae82b7de097c23e98e5f95b03fbbae5087363c445fc1cc34fa55872ae85

          SHA512

          865b3f4091eed8a22e5c7c33e991fbe0287744b12a95a87030fc09f1aa5d215d8b0d1dfa77ecbe46f133e5faf8b36d47d13b5ebee33f13c54dcaf3b24c8bd04c

          Download Submit

        • memory/1348-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2040-42-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-43-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-34-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-35-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-36-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-37-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-38-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-39-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-40-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-44-0x0000017339D00000-0x0000017339D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-33-0x0000017339FB0000-0x0000017339FB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-17-0x0000017331B40000-0x0000017331B50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2040-41-0x0000017339FE0000-0x0000017339FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-45-0x0000017339CF0000-0x0000017339CF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-47-0x0000017339D00000-0x0000017339D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-50-0x0000017339CF0000-0x0000017339CF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-53-0x00000173313F0000-0x00000173313F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-1-0x0000017331A40000-0x0000017331A50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2040-65-0x0000017339E30000-0x0000017339E31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-67-0x0000017339E40000-0x0000017339E41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-68-0x0000017339E40000-0x0000017339E41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2040-69-0x0000017339F50000-0x0000017339F51000-memory.dmp

          Filesize

          4KB

          Download