2ad90bd0574d09867ad1806ba796e582d661856bcf93bbc394ffff8ecb1c82da

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe
Size

885KB
MD5

7b3be09d9c3546fe2410b8adfecd9cb0
SHA1

3b5081aa3e097b7cbf35898f5c41606659844bd3
SHA256

2ad90bd0574d09867ad1806ba796e582d661856bcf93bbc394ffff8ecb1c82da
SHA512

80d66a250a48cf607f33d43791b0f30a14f59f6becec54de967d2a6bac566891e3a9506ae529c578448e4ebca6de20fe9e06015dbf9e587dfe16342eb12daf8a
SSDEEP

6144:zQGy5HRVQq9NUTiu88UlJK5qXY3g7wCMTz75ZSwABrxxJa/YESy:zQGyXSq90U8UlJxwg875kjlDa/ZSy

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Executes dropped EXE 1 IoCs

pid	Process
2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Loads dropped DLL 4 IoCs

pid	Process
2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	2548	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2548	2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	29
PID 2040 wrote to memory of 2548	2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	29
PID 2040 wrote to memory of 2548	2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	29
PID 2040 wrote to memory of 2548	2040	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	29
PID 2548 wrote to memory of 2956	2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	30
PID 2548 wrote to memory of 2956	2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	30
PID 2548 wrote to memory of 2956	2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	30
PID 2548 wrote to memory of 2956	2548	NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Filesize
885KB

MD5
f53c9798464963805a96df824e25c607

SHA1
dcb6db44394b772a247ee488320e9948a524f817

SHA256
ac1b6606e595711c404d184a2840a4024d89c7aec94726df605ff508edfdb9c7

SHA512
795e5bb483846e7ba2b70107a364f5fa085fc72c3263c08ce8a05ebd78493714239f8855d8db6a791fc6025f5fa72ce2e5f17100141896487ddc131f93ad844d

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Filesize
885KB

MD5
f53c9798464963805a96df824e25c607

SHA1
dcb6db44394b772a247ee488320e9948a524f817

SHA256
ac1b6606e595711c404d184a2840a4024d89c7aec94726df605ff508edfdb9c7

SHA512
795e5bb483846e7ba2b70107a364f5fa085fc72c3263c08ce8a05ebd78493714239f8855d8db6a791fc6025f5fa72ce2e5f17100141896487ddc131f93ad844d

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Filesize
885KB

MD5
f53c9798464963805a96df824e25c607

SHA1
dcb6db44394b772a247ee488320e9948a524f817

SHA256
ac1b6606e595711c404d184a2840a4024d89c7aec94726df605ff508edfdb9c7

SHA512
795e5bb483846e7ba2b70107a364f5fa085fc72c3263c08ce8a05ebd78493714239f8855d8db6a791fc6025f5fa72ce2e5f17100141896487ddc131f93ad844d

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Filesize
885KB

MD5
f53c9798464963805a96df824e25c607

SHA1
dcb6db44394b772a247ee488320e9948a524f817

SHA256
ac1b6606e595711c404d184a2840a4024d89c7aec94726df605ff508edfdb9c7

SHA512
795e5bb483846e7ba2b70107a364f5fa085fc72c3263c08ce8a05ebd78493714239f8855d8db6a791fc6025f5fa72ce2e5f17100141896487ddc131f93ad844d

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.7b3be09d9c3546fe2410b8adfecd9cb0.exe

Filesize
885KB

MD5
f53c9798464963805a96df824e25c607

SHA1
dcb6db44394b772a247ee488320e9948a524f817

SHA256
ac1b6606e595711c404d184a2840a4024d89c7aec94726df605ff508edfdb9c7

SHA512
795e5bb483846e7ba2b70107a364f5fa085fc72c3263c08ce8a05ebd78493714239f8855d8db6a791fc6025f5fa72ce2e5f17100141896487ddc131f93ad844d

Download Submit
memory/2040-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2040-6-0x0000000003090000-0x0000000003178000-memory.dmp

Filesize
928KB

Download
memory/2040-8-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2548-10-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2548-11-0x0000000002E60000-0x0000000002F48000-memory.dmp

Filesize
928KB

Download
memory/2548-15-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download