69f38c73cd1da3178151623084003c7094ffd99f91e320439d72fc011ec8803a

General

Target

NEAS.4928907bd634e329b1b362cdd6fed180.exe
Size

567KB
MD5

4928907bd634e329b1b362cdd6fed180
SHA1

c45a839d547836f6e550b0a29d54e1de60340a5f
SHA256

69f38c73cd1da3178151623084003c7094ffd99f91e320439d72fc011ec8803a
SHA512

781d7a1f67d515ffd4a9bacae500afb417637596e91e9bdad5a7430f42a8136b70ccbc693ea6765f594860b8a104a359145da8a8f6d74b537cdf5a72ed3f186f
SSDEEP

12288:AgO2dfeAjYlVuEk/qBiTyoCAOuiSAM9loypr3j1iIUbpdXWfi6rV:vO2JeAjYEEk/q2hvQIl5r9tx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2724	ISL_Light_Client_4_4_2234_55.exe

Loads dropped DLL 3 IoCs

pid	Process
1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe
1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe
2724	ISL_Light_Client_4_4_2234_55.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2724	ISL_Light_Client_4_4_2234_55.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 2724	1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe	29
PID 1232 wrote to memory of 2724	1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe	29
PID 1232 wrote to memory of 2724	1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe	29
PID 1232 wrote to memory of 2724	1232	NEAS.4928907bd634e329b1b362cdd6fed180.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.4928907bd634e329b1b362cdd6fed180.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4928907bd634e329b1b362cdd6fed180.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698856849_1232_2652_783648383\ISL_Light_Client_4_4_2234_55.exe
  ISL_Light_Client_4_4_2234_55.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698856849_1232_2652_783648383\ISL_Light_Client_4_4_2234_55.exe

Filesize
1.2MB

MD5
131c27dddaaa6b3682aad5092559cb54

SHA1
b66c34026828f9ac3cc98339e7f5dfdc747ddfbc

SHA256
40772375ea3705fac5aadc1b5862e8404b660ce939dbd9082743adee9ec35e4e

SHA512
026549b19abec348e24369af9ebf721753c1683f009ac91f4982c06f1851328a9df19106d589855246f3651e42938b39f34b5fed245e093b9d556c0e74fdcaa7

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698856849_1232_2652_783648383\ISL_Light_Client_4_4_2234_55.exe

Filesize
1.2MB

MD5
131c27dddaaa6b3682aad5092559cb54

SHA1
b66c34026828f9ac3cc98339e7f5dfdc747ddfbc

SHA256
40772375ea3705fac5aadc1b5862e8404b660ce939dbd9082743adee9ec35e4e

SHA512
026549b19abec348e24369af9ebf721753c1683f009ac91f4982c06f1851328a9df19106d589855246f3651e42938b39f34b5fed245e093b9d556c0e74fdcaa7

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
35KB

MD5
7f02d2a6b49a32d02a2eb13517470dcd

SHA1
82edf0cd3ab69d711bff97c573d7a52f83a917ff

SHA256
c060e671a180a9e26ca007fe11648675f2c306c5ea6fad085dae483185b9d159

SHA512
210bfcd4042cf0fb1594fcee4b98302a838ae31d9fc2499486488b3dfa110efe9c05fa3303d73d49f63af183276ed911995581e135ef0a80a8029f33180d6e6c

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
7KB

MD5
f0d49cfdbd7d4440003534fb7e234301

SHA1
38cdd19945d7e880e2152738f546eb7761fc9431

SHA256
f41b32ccc45c488f519d97c61ffbdfadd68c26f37c6eff43f286c8c111f81400

SHA512
bed1eb224473387ede974bd4638805f9cbf46ef544b69623d3da4ef54f57d62543dedc8145834809d4fc6c12f27e28b87cfee68accfd63e63bfb7dee4be57cd3

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
2.3MB

MD5
247a0c7cb621f0edb4866e32959e1eb3

SHA1
41a375d701eed82b4ab46d857a376880f93809b7

SHA256
907e270711fd10735116488c48d010860d8e0f5612886a136b939cfbb9efc9ea

SHA512
3cca52e0c15fa62bbe2d35faddf698ba7f152e1d1835893c81db29db899497647af75e8675e06666240996c89dbb3706ad5ccb4824337ec5d887288d605673b4

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Filesize
1.2MB

MD5
299a52e3e7b1a2f643a3e849db9a59fb

SHA1
05f1054445423ea7593622c7cd540a84b3a1e5fd

SHA256
4f9e68b5b4e43444b1388230b8c7ed44dceb8d9ea12ce8e0f80bba95210f0dae

SHA512
5fa28819c27b31f3e2fe5b57ab6ebb4f5adf16953f464e6328e3a973c8da424853b190e7a704f245ebe87490c54143f2ab477728809837af09d2e902bc5243a4

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698856849_1232_2652_783648383\ISL_Light_Client_4_4_2234_55.exe

Filesize
1.2MB

MD5
131c27dddaaa6b3682aad5092559cb54

SHA1
b66c34026828f9ac3cc98339e7f5dfdc747ddfbc

SHA256
40772375ea3705fac5aadc1b5862e8404b660ce939dbd9082743adee9ec35e4e

SHA512
026549b19abec348e24369af9ebf721753c1683f009ac91f4982c06f1851328a9df19106d589855246f3651e42938b39f34b5fed245e093b9d556c0e74fdcaa7

Download Submit
memory/2724-96-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing