f560ee75438dbc63c624fcb5a505219217cfcf7c8b294ab5a13d0ee33fba3317

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe
Size

66KB
MD5

bbbc49328295dcbfba8a2a4414d0cef0
SHA1

74edf05b01fd9d468f00511206f3e4bca7293e0e
SHA256

f560ee75438dbc63c624fcb5a505219217cfcf7c8b294ab5a13d0ee33fba3317
SHA512

41c643b6ddcb973e999d30f7882bef7f5b2e66f8989db56de1d969f52eb67b638ddb6507029ebc9f8dfae998072d0de26a9e9159681bf915ad5eb10033a868ed
SSDEEP

768:jxDDnyAiIbhn+oRTaFSxjquEDFAnA1tLRNk2djaYoCMHosOAJCC5NVNC5P3C9hLQ:jxDDnd1Raqq2uBNdSCMACjCPy9hLQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2620	hcbnaf.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2620	2760	NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe	29
PID 2760 wrote to memory of 2620	2760	NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe	29
PID 2760 wrote to memory of 2620	2760	NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe	29
PID 2760 wrote to memory of 2620	2760	NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bbbc49328295dcbfba8a2a4414d0cef0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
  "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
  2⤵
  - Executes dropped EXE
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
66KB

MD5
ee54c0b151002c200a31f4b1c5aac06c

SHA1
bba6021c35b018e696a1c6e36b19ecf52276b52f

SHA256
71e9c3c7646ab9492716ef6ddb1664f0c8b8468ea4917bbe26b50eb7a2250093

SHA512
d16c0049cb30b8e27a0c3f1f6060c7d8c68dbc126e253180636e7d78ac30ede0d2a5c6d47e0446df4c9d4ba6094a301a0b98b3865bcc0d6a4e88add37acb535f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
66KB

MD5
ee54c0b151002c200a31f4b1c5aac06c

SHA1
bba6021c35b018e696a1c6e36b19ecf52276b52f

SHA256
71e9c3c7646ab9492716ef6ddb1664f0c8b8468ea4917bbe26b50eb7a2250093

SHA512
d16c0049cb30b8e27a0c3f1f6060c7d8c68dbc126e253180636e7d78ac30ede0d2a5c6d47e0446df4c9d4ba6094a301a0b98b3865bcc0d6a4e88add37acb535f

Download Submit
\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
66KB

MD5
ee54c0b151002c200a31f4b1c5aac06c

SHA1
bba6021c35b018e696a1c6e36b19ecf52276b52f

SHA256
71e9c3c7646ab9492716ef6ddb1664f0c8b8468ea4917bbe26b50eb7a2250093

SHA512
d16c0049cb30b8e27a0c3f1f6060c7d8c68dbc126e253180636e7d78ac30ede0d2a5c6d47e0446df4c9d4ba6094a301a0b98b3865bcc0d6a4e88add37acb535f

Download Submit
memory/2620-8-0x00000000000F0000-0x00000000000F4000-memory.dmp

Filesize
16KB

Download
memory/2760-1-0x0000000000080000-0x0000000000084000-memory.dmp

Filesize
16KB

Download