Overview

overview

7

Static

static

3

NEAS.25184...a0.exe

windows7-x64

7

NEAS.25184...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 13:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.25184b3c16101073ca87480d3f2132a0.exe

  • Size

    101KB

  • MD5

    25184b3c16101073ca87480d3f2132a0

  • SHA1

    29855b511de20709b17d8c59d06ab9ba794860cb

  • SHA256

    688e0aba0a6cad132c9a3755bfd69166c2d09458043d822b4b1afd10ea00e804

  • SHA512

    6bc59891b02be4ccea2eff3c7e6cde204cc3574417abeb1d6b306e941b94a371ba081176b249fb54c21857277f34b06e28dd7eb2da46e317744f62e25670b465

  • SSDEEP

    1536:0G2U/Wm/HG6aMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7BY:0VU/WV6aMauSuiWNi9CO+WARJrWNZE

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.25184b3c16101073ca87480d3f2132a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.25184b3c16101073ca87480d3f2132a0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2900
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\NEAS.25184b3c16101073ca87480d3f2132a0.exe" >> NUL
      2⤵
      • Deletes itself
      PID:2792

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Update\wuauclt.exe
          Filesize

          101KB

          MD5

          8291fef9986438b839ef43c8644fd123

          SHA1

          9a3e0810421370ef511e8e7198da15d7161e6e1e

          SHA256

          9ca525101d86dc638e1705cdf8fbc5255c6a2a1848007dfb0090b9e55f77f91c

          SHA512

          9e159643d4180fb209579ecd47014a9db772a7d714213a04a7ea28155c9af0a31f561f3ca1206812e3c426f6caa0ff279c79957ea96d1cf1f02ea48ce568b291

          Download Submit

        • \ProgramData\Update\wuauclt.exe
          Filesize

          101KB

          MD5

          8291fef9986438b839ef43c8644fd123

          SHA1

          9a3e0810421370ef511e8e7198da15d7161e6e1e

          SHA256

          9ca525101d86dc638e1705cdf8fbc5255c6a2a1848007dfb0090b9e55f77f91c

          SHA512

          9e159643d4180fb209579ecd47014a9db772a7d714213a04a7ea28155c9af0a31f561f3ca1206812e3c426f6caa0ff279c79957ea96d1cf1f02ea48ce568b291

          Download Submit

        • memory/2612-0-0x0000000000080000-0x000000000009F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2612-4-0x00000000000A0000-0x00000000000BF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2612-7-0x0000000000080000-0x000000000009F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2612-8-0x00000000000A0000-0x00000000000BF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2612-10-0x0000000000080000-0x000000000009F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2900-9-0x0000000000230000-0x000000000024F000-memory.dmp

          Filesize

          124KB

          Download