602ece86ba534bff134265310875b4e351d74a2013623e466191a5902e644b1b

Analysis

max time kernel
141s
max time network
134s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
Size

1.3MB
MD5

81549dc21f1dd3591e141d45b5ae3980
SHA1

57ec52ab2326860f0ace320e15ad5007f71fed39
SHA256

602ece86ba534bff134265310875b4e351d74a2013623e466191a5902e644b1b
SHA512

6741bab1095a2fd90a52e76365aac2286d70858c3f58eafdc45ab1a457f335e68a4cb64e884702139d704ee18e371b4bac2200962afc4407249f7bbbfa15065c
SSDEEP

24576:MXaRicFDnikUa0BVdybnnavdZNVESwGMx8/J2zTfF:E6ikU0bnaTNVESGoJ2zTfF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2820	1648	WerFault.exe	27

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2820	1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	29
PID 1648 wrote to memory of 2820	1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	29
PID 1648 wrote to memory of 2820	1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	29
PID 1648 wrote to memory of 2820	1648	NEAS.81549dc21f1dd3591e141d45b5ae3980.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 1484
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Filesize
1.3MB

MD5
8f397d77c9de1f1bfa2f3426d17b3687

SHA1
7ec58481ea480d22ae1ad243782b5ecc408e8217

SHA256
843d5cc763997783ff1a0b6a0ff767ce2a79922689a1d45d679787c34b656fbb

SHA512
3afbee40b0a3984efc4b160b31f4b369402fa7a9f80541f55ffc0288ad7a96e7c43dd258e65300aabebc31e655aa9b49ffeb8424936ad73916fa50f386d83b88

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Filesize
1.3MB

MD5
8f397d77c9de1f1bfa2f3426d17b3687

SHA1
7ec58481ea480d22ae1ad243782b5ecc408e8217

SHA256
843d5cc763997783ff1a0b6a0ff767ce2a79922689a1d45d679787c34b656fbb

SHA512
3afbee40b0a3984efc4b160b31f4b369402fa7a9f80541f55ffc0288ad7a96e7c43dd258e65300aabebc31e655aa9b49ffeb8424936ad73916fa50f386d83b88

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Filesize
1.3MB

MD5
8f397d77c9de1f1bfa2f3426d17b3687

SHA1
7ec58481ea480d22ae1ad243782b5ecc408e8217

SHA256
843d5cc763997783ff1a0b6a0ff767ce2a79922689a1d45d679787c34b656fbb

SHA512
3afbee40b0a3984efc4b160b31f4b369402fa7a9f80541f55ffc0288ad7a96e7c43dd258e65300aabebc31e655aa9b49ffeb8424936ad73916fa50f386d83b88

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Filesize
1.3MB

MD5
8f397d77c9de1f1bfa2f3426d17b3687

SHA1
7ec58481ea480d22ae1ad243782b5ecc408e8217

SHA256
843d5cc763997783ff1a0b6a0ff767ce2a79922689a1d45d679787c34b656fbb

SHA512
3afbee40b0a3984efc4b160b31f4b369402fa7a9f80541f55ffc0288ad7a96e7c43dd258e65300aabebc31e655aa9b49ffeb8424936ad73916fa50f386d83b88

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.81549dc21f1dd3591e141d45b5ae3980.exe

Filesize
1.3MB

MD5
8f397d77c9de1f1bfa2f3426d17b3687

SHA1
7ec58481ea480d22ae1ad243782b5ecc408e8217

SHA256
843d5cc763997783ff1a0b6a0ff767ce2a79922689a1d45d679787c34b656fbb

SHA512
3afbee40b0a3984efc4b160b31f4b369402fa7a9f80541f55ffc0288ad7a96e7c43dd258e65300aabebc31e655aa9b49ffeb8424936ad73916fa50f386d83b88

Download Submit
memory/1648-0-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/1648-1-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/1648-4-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/1648-6-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/1648-33-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads