69f38c73cd1da3178151623084003c7094ffd99f91e320439d72fc011ec8803a

Analysis

max time kernel
155s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4928907bd634e329b1b362cdd6fed180.exe
Size

567KB
MD5

4928907bd634e329b1b362cdd6fed180
SHA1

c45a839d547836f6e550b0a29d54e1de60340a5f
SHA256

69f38c73cd1da3178151623084003c7094ffd99f91e320439d72fc011ec8803a
SHA512

781d7a1f67d515ffd4a9bacae500afb417637596e91e9bdad5a7430f42a8136b70ccbc693ea6765f594860b8a104a359145da8a8f6d74b537cdf5a72ed3f186f
SSDEEP

12288:AgO2dfeAjYlVuEk/qBiTyoCAOuiSAM9loypr3j1iIUbpdXWfi6rV:vO2JeAjYEEk/q2hvQIl5r9tx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5104	ISL_Light_Client_4_4_2234_55.exe

Loads dropped DLL 2 IoCs

pid	Process
3816	NEAS.4928907bd634e329b1b362cdd6fed180.exe
5104	ISL_Light_Client_4_4_2234_55.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5104	ISL_Light_Client_4_4_2234_55.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 5104	3816	NEAS.4928907bd634e329b1b362cdd6fed180.exe	94
PID 3816 wrote to memory of 5104	3816	NEAS.4928907bd634e329b1b362cdd6fed180.exe	94
PID 3816 wrote to memory of 5104	3816	NEAS.4928907bd634e329b1b362cdd6fed180.exe	94

C:\Users\Admin\AppData\Local\Temp\NEAS.4928907bd634e329b1b362cdd6fed180.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4928907bd634e329b1b362cdd6fed180.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698857027_3816_4292_1268318088\ISL_Light_Client_4_4_2234_55.exe
  ISL_Light_Client_4_4_2234_55.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
2.3MB

MD5
247a0c7cb621f0edb4866e32959e1eb3

SHA1
41a375d701eed82b4ab46d857a376880f93809b7

SHA256
907e270711fd10735116488c48d010860d8e0f5612886a136b939cfbb9efc9ea

SHA512
3cca52e0c15fa62bbe2d35faddf698ba7f152e1d1835893c81db29db899497647af75e8675e06666240996c89dbb3706ad5ccb4824337ec5d887288d605673b4

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Filesize
1.2MB

MD5
299a52e3e7b1a2f643a3e849db9a59fb

SHA1
05f1054445423ea7593622c7cd540a84b3a1e5fd

SHA256
4f9e68b5b4e43444b1388230b8c7ed44dceb8d9ea12ce8e0f80bba95210f0dae

SHA512
5fa28819c27b31f3e2fe5b57ab6ebb4f5adf16953f464e6328e3a973c8da424853b190e7a704f245ebe87490c54143f2ab477728809837af09d2e902bc5243a4

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698857027_3816_4292_1268318088\ISL_Light_Client_4_4_2234_55.exe

Filesize
1.2MB

MD5
131c27dddaaa6b3682aad5092559cb54

SHA1
b66c34026828f9ac3cc98339e7f5dfdc747ddfbc

SHA256
40772375ea3705fac5aadc1b5862e8404b660ce939dbd9082743adee9ec35e4e

SHA512
026549b19abec348e24369af9ebf721753c1683f009ac91f4982c06f1851328a9df19106d589855246f3651e42938b39f34b5fed245e093b9d556c0e74fdcaa7

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1698857027_3816_4292_1268318088\ISL_Light_Client_4_4_2234_55.exe

Filesize
1.2MB

MD5
131c27dddaaa6b3682aad5092559cb54

SHA1
b66c34026828f9ac3cc98339e7f5dfdc747ddfbc

SHA256
40772375ea3705fac5aadc1b5862e8404b660ce939dbd9082743adee9ec35e4e

SHA512
026549b19abec348e24369af9ebf721753c1683f009ac91f4982c06f1851328a9df19106d589855246f3651e42938b39f34b5fed245e093b9d556c0e74fdcaa7

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
7KB

MD5
3092007d91107ab72348ad74116e5d08

SHA1
ac91bf4a6a0888292b93d78eee71e8173656f284

SHA256
6d66c08bb555a02b48c9a48762b07dc275038168a0c5ae86d12302ae6575b3de

SHA512
6c22def31c4e5e7cd333290728adeead624e197882b6126198d20ff6659954bc9b4aa3315ac08886e8f7908eb12516b26bec8540483e3db3151335ed3b306ed9

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
36KB

MD5
0de5d02612a520cf394ca534e4315269

SHA1
3d5a3243118ecbd272238c0b80283e9eb7f29f2e

SHA256
3b927b943e9effdf9a27fe42696fbf53a469c3aebd9563a2329e02e928806f43

SHA512
2c31e8cc95588cf317329fbce011c6dfb7a8e728995deb847e57742461ad76647eb6997311ac528a6f8a9a3def316da23018a2b817764cb65e09f6d611f5f024

Download Submit
memory/5104-129-0x0000000003040000-0x0000000003041000-memory.dmp

Filesize
4KB

Download
memory/5104-132-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/5104-131-0x0000000003060000-0x0000000003061000-memory.dmp

Filesize
4KB

Download
memory/5104-130-0x0000000003050000-0x0000000003051000-memory.dmp

Filesize
4KB

Download
memory/5104-128-0x0000000003030000-0x0000000003031000-memory.dmp

Filesize
4KB

Download
memory/5104-126-0x0000000001560000-0x0000000001561000-memory.dmp

Filesize
4KB

Download
memory/5104-127-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download