Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 31/10/2023, 09:00
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
Size: 34KB
MD5: e93e1dfb06e791938d6b2e090da85e60
SHA1: a4ec634d143d8a2a5c1bd1d2ec0f6269bab08b9f
SHA256: f6618ecceed655db5c80d702fe9511dbe206f981c8df937dc0f5f88893808e3e
SHA512: 3fc8fe58e1f774cefe6b0ac13b3e658dad9e7df337bbf0625a98e1bbb55de6e62c663db505dba5aba53b1af380a22671cc5cb01b99566564493c9a0714f3931a
SSDEEP: 384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2B0qwmC:btB9g/WItCSsAGjX7r3BTwmC
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid | Process
  844 | gewos.exe
Loads dropped DLL (1 IoC)
  pid | Process
  1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
  844 | gewos.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1316 wrote to memory of 844 | 1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe | 28
  PID 1316 wrote to memory of 844 | 1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe | 28
  PID 1316 wrote to memory of 844 | 1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe | 28
  PID 1316 wrote to memory of 844 | 1316 | NEAS.e93e1dfb06e791938d6b2e090da85e60.exe | 28
Processes
1. PID 1316: C:\Users\Admin\AppData\Local\Temp\NEAS.e93e1dfb06e791938d6b2e090da85e60.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.e93e1dfb06e791938d6b2e090da85e60.exe"
   - Loads dropped DLL
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. PID 844 (spawned under PID 1316): C:\Users\Admin\AppData\Local\Temp\gewos.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
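The Signatures section above records a parent (PID 1316) writing into the memory of a process it spawned (PID 844), both processes unmapping their main image, and the child being a dropped executable. The script below is an added example, not code from the sandbox or from this report: it parses copies of the report's flattened WriteProcessMemory, UnmapMainImage and Executes dropped EXE rows (transcribed here as constructed strings) and correlates them into a writer-to-target chain. The "injection-like" label is this script's own triage heuristic, not a verdict the sandbox issued.

```python
"""Correlate flattened sandbox signature rows into a parent->child injection chain.

Added example: not code from the sandbox or the report.  The rows below are
transcribed from this report's Signatures section; the verdict is a heuristic.
"""
import re
from collections import defaultdict

# Constructed copies of the report's rows (transcribed, not live sandbox output).
WPM_ROW = ("PID 1316 wrote to memory of 844 1316 "
           "NEAS.e93e1dfb06e791938d6b2e090da85e60.exe 28 ") * 4
UNMAP_ROW = "1316 NEAS.e93e1dfb06e791938d6b2e090da85e60.exe 844 gewos.exe"
DROPPED_EXE_ROW = "844 gewos.exe"

# Row shape: "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
# Row shape: "<pid> <image> <pid> <image> ..."
PID_IMAGE_RE = re.compile(r"(\d+) (\S+)")


def parse_write_events(row):
    """Return ({(writer_pid, target_pid): event_count}, {writer_pid: image})."""
    writes = defaultdict(int)
    images = {}
    for src, dst, src_again, image, _procid_target in WPM_RE.findall(row):
        if src != src_again:  # malformed row: pid column disagrees with the description
            continue
        writes[(int(src), int(dst))] += 1
        images[int(src)] = image
    return dict(writes), images


def parse_pid_images(row):
    """Return {pid: image} from a 'pid Process' row such as '1316 a.exe 844 b.exe'."""
    return {int(pid): image for pid, image in PID_IMAGE_RE.findall(row)}


def verdict(chain):
    """Heuristic label (this script's, not the sandbox's): a parent writing into a
    dropped child while both unmap their main image is the shape an analyst would
    triage as possible process hollowing or injection."""
    if chain["both_unmap_main_image"] and chain["target_is_dropped_exe"]:
        return "injection-like"
    if chain["write_events"] > 0:
        return "cross-process-write"
    return "none"


def find_injection_chains(writes, images, unmapped_pids, dropped_pids):
    """One record per writer->target pair, with the corroborating signals attached."""
    chains = []
    for (src, dst), count in sorted(writes.items()):
        chain = {
            "writer_pid": src,
            "target_pid": dst,
            "writer_image": images.get(src, "?"),
            "target_image": images.get(dst, "?"),
            "write_events": count,
            "both_unmap_main_image": src in unmapped_pids and dst in unmapped_pids,
            "target_is_dropped_exe": dst in dropped_pids,
        }
        chain["verdict"] = verdict(chain)
        chains.append(chain)
    return chains


def analyse():
    """Run the correlation over the transcribed rows from this report."""
    writes, writer_images = parse_write_events(WPM_ROW)
    images = {**writer_images, **parse_pid_images(UNMAP_ROW)}
    unmapped = set(parse_pid_images(UNMAP_ROW))
    dropped = set(parse_pid_images(DROPPED_EXE_ROW))
    return find_injection_chains(writes, images, unmapped, dropped)


if __name__ == "__main__":
    for c in analyse():
        print(f"{c['writer_pid']} ({c['writer_image']}) -> {c['target_pid']} "
              f"({c['target_image']}): {c['write_events']} write(s), "
              f"both unmap main image={c['both_unmap_main_image']}, "
              f"dropped target={c['target_is_dropped_exe']} => {c['verdict']}")
```

The same parsers apply to any report that flattens its IoC tables this way; when the writer PID in the description disagrees with the pid column, the row is dropped rather than guessed at, since a mismatch usually means the table was extracted incorrectly.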
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 34KB
MD5: da3494c3243b75033b2dd3b4007d4fbf
SHA1: 121fd6e133d86414ce701c952de39295c51cd21d
SHA256: ef7b5ef2e87effe579689336406fba281eb5cbbaed822e371a3415025bb468c7
SHA512: 8aa9dd23c58bd7cd9275bf9cbd6e0b5df06c754389775952f9d7e8a2e9fd7a2caa22782ab9a3f0ebedaca6e63b81bc3d465690b558062924a374fde7a232e113