Analysis

  • max time kernel
    123s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2023, 09:00 UTC

General

  • Target

    NEAS.f350b76e872acf6baae86955e1359e30.exe

  • Size

    274KB

  • MD5

    f350b76e872acf6baae86955e1359e30

  • SHA1

    ba9d682569c463846828fafe1e0fe3da38c883a1

  • SHA256

    0f6fd910bed0e78ebdf2eeb13b5815ad0b3e311dc6810be31a45826a9576411b

  • SHA512

    356053a711005e60b2bd84db48a1dddf81a7dbd84074f41361de503e3873a727f5279c66a83d33ed0d6443dd5c0d75b15bb129e50b42cf9d58b34293e47bd156

  • SSDEEP

    6144:+YvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:+YvEbrUjp3SpWggd3JBPlPDIQ3g

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.f350b76e872acf6baae86955e1359e30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f350b76e872acf6baae86955e1359e30.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe"
        3⤵
        • Executes dropped EXE
        PID:2472

Network

  • DNS query by lsassys.exe
    Remote address: 8.8.8.8:53
    Request: nwoccs.zapto.org IN A
    Response: No results found
  • 8.8.8.8:53  nwoccs.zapto.org  dns  lsassys.exe  62 B  122 B  1  1
    DNS Request: nwoccs.zapto.org

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe

    Filesize

    274KB

    MD5

    10aa7c1f82f939c3bbd9933b9e2cc255

    SHA1

    9099e498bafc9cfb90b156ae055bf397f478a7a4

    SHA256

    bfb9204fa3250ca96ac0805e877bea10a70241723cc00d85abcbddc8efb972ae

    SHA512

    8a2b621d465482ca788e9964158942108465906d959c8d40ff7cf718453ed1d6f22ad93c8767df8473523482d942b3459dc706e81d0895297c8cad5b86175e27

  • \Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\lsassys.exe

    Filesize

    274KB

    MD5

    10aa7c1f82f939c3bbd9933b9e2cc255

    SHA1

    9099e498bafc9cfb90b156ae055bf397f478a7a4

    SHA256

    bfb9204fa3250ca96ac0805e877bea10a70241723cc00d85abcbddc8efb972ae

    SHA512

    8a2b621d465482ca788e9964158942108465906d959c8d40ff7cf718453ed1d6f22ad93c8767df8473523482d942b3459dc706e81d0895297c8cad5b86175e27
