Overview

overview

7

Static

static

3

NEAS.674f8...90.exe

windows7-x64

6

NEAS.674f8...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-11-2023 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.674f85e97bdb886c6f76e7ad5cf05d90.exe

  • Size

    1.6MB

  • MD5

    674f85e97bdb886c6f76e7ad5cf05d90

  • SHA1

    7944941874daefd24ba31f118b0c48d437301303

  • SHA256

    57de148fea83f7d6a9e5f1a1ebf1cc2a63ea3902a1d89653db24f83fddaadb58

  • SHA512

    b7defcc725a7b4c659285dfd8e4663f85f78c7d8b0d9b27e51fa4b99c85f08455db988b2125a333d404b41dcd6e4485ef31b92266c6784c1e79fa8a9bea2d070

  • SSDEEP

    24576:eLILY8Xu/3y8UsG2BgYLicwnkJnCHdebUKyZURQ1TgjTH:ZYrC8UsGuTw4CHdeQKyZURQ1EjTH

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.674f85e97bdb886c6f76e7ad5cf05d90.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.674f85e97bdb886c6f76e7ad5cf05d90.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\NEAS.674f85e97bdb886c6f76e7ad5cf05d90.doc" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\355514286.tmp
    Filesize

    1.6MB

    MD5

    674f85e97bdb886c6f76e7ad5cf05d90

    SHA1

    7944941874daefd24ba31f118b0c48d437301303

    SHA256

    57de148fea83f7d6a9e5f1a1ebf1cc2a63ea3902a1d89653db24f83fddaadb58

    SHA512

    b7defcc725a7b4c659285dfd8e4663f85f78c7d8b0d9b27e51fa4b99c85f08455db988b2125a333d404b41dcd6e4485ef31b92266c6784c1e79fa8a9bea2d070

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.674f85e97bdb886c6f76e7ad5cf05d90.doc
    Filesize

    41KB

    MD5

    075b745956d473c5a06d4a588ed560f7

    SHA1

    de12b14e07b1612db081078c41a2105d7ae12669

    SHA256

    de83738c15275fdb153937b60ba5f86c9886537a50ab95f8eb5642f7c2753e1e

    SHA512

    29304771a2878600a26d85f5c254a7eb9827fb35dc59efeea2dab097e4eb3c82e7dbb4e33473c9dac377973fb69039a39490986cf2fa3561166b7e0ddde25265

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.674f85e97bdb886c6f76e7ad5cf05d90.doc
    Filesize

    41KB

    MD5

    075b745956d473c5a06d4a588ed560f7

    SHA1

    de12b14e07b1612db081078c41a2105d7ae12669

    SHA256

    de83738c15275fdb153937b60ba5f86c9886537a50ab95f8eb5642f7c2753e1e

    SHA512

    29304771a2878600a26d85f5c254a7eb9827fb35dc59efeea2dab097e4eb3c82e7dbb4e33473c9dac377973fb69039a39490986cf2fa3561166b7e0ddde25265

    Download Submit

  • memory/3720-35-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-89-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-32-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-33-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-34-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-29-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-46-0x00007FFAECBD0000-0x00007FFAECBE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-37-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-38-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-39-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-40-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-41-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-42-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-43-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-87-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-31-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-36-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-47-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-48-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-49-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-50-0x00007FFAECBD0000-0x00007FFAECBE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-30-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-61-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-62-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-63-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-84-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-85-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-86-0x00007FFAEEF50000-0x00007FFAEEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3720-88-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-45-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-90-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3720-44-0x00007FFB2EED0000-0x00007FFB2F0C5000-memory.dmp

    Filesize

    2.0MB

    Download