4ec2ec4d4c76828d348556583fa210e02ad3d1b07743b1de59c16592a5772103

Analysis

max time kernel
93s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe
Size

61KB
MD5

f890d474bc11cbb1c3b873310bb93bc0
SHA1

b102480c0efbe65cb3f6c4466183886d3485b9c7
SHA256

4ec2ec4d4c76828d348556583fa210e02ad3d1b07743b1de59c16592a5772103
SHA512

9972e99777d9285d02a0aa198b0669802cf06d70728c7e9216ffedcec2ef6a0d172af2ad02434cf00af88395290e30a3085dec28528603dc9d678af87d303aa9
SSDEEP

1536:J+ZBskRHLMwIrHXu/4Ctd3FAhAYIi7Olba:ZkRHSHXu/JXFt7iylba

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	gst1zkusg.exe

Loads dropped DLL 2 IoCs

pid	Process
2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe
2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Windows\CurrentVersion\Run\aplgx1571m = "C:\\Users\\Admin\\AppData\\Roaming\\gst1zkusg.exe"	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2648	2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe	30
PID 2776 wrote to memory of 2648	2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe	30
PID 2776 wrote to memory of 2648	2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe	30
PID 2776 wrote to memory of 2648	2776	NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f890d474bc11cbb1c3b873310bb93bc0.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Roaming\gst1zkusg.exe
  C:\Users\Admin\AppData\Roaming\gst1zkusg.exe
  2⤵
  - Executes dropped EXE
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\gst1zkusg.exe

Filesize
61KB

MD5
094134cc0d89fedb1e625b7cd3b9638c

SHA1
21dae0f94a0856d82dec26cfbed93a64f98ec87d

SHA256
30833235b17b61bf0ac40a8742682d248b02b7bab32d05e65e806c2a8f90264a

SHA512
d47dd98c7d5d8e7b23625d32bf344f1247af6d7cf0d7d1051e8e159cc7e7025d112e01908e10f0e075ed74375e142a08016091a177341b5f243e857675d96cac

Download Submit
C:\Users\Admin\AppData\Roaming\gst1zkusg.exe

Filesize
61KB

MD5
094134cc0d89fedb1e625b7cd3b9638c

SHA1
21dae0f94a0856d82dec26cfbed93a64f98ec87d

SHA256
30833235b17b61bf0ac40a8742682d248b02b7bab32d05e65e806c2a8f90264a

SHA512
d47dd98c7d5d8e7b23625d32bf344f1247af6d7cf0d7d1051e8e159cc7e7025d112e01908e10f0e075ed74375e142a08016091a177341b5f243e857675d96cac

Download Submit
C:\Users\Admin\AppData\Roaming\gst1zkusg.exe

Filesize
61KB

MD5
094134cc0d89fedb1e625b7cd3b9638c

SHA1
21dae0f94a0856d82dec26cfbed93a64f98ec87d

SHA256
30833235b17b61bf0ac40a8742682d248b02b7bab32d05e65e806c2a8f90264a

SHA512
d47dd98c7d5d8e7b23625d32bf344f1247af6d7cf0d7d1051e8e159cc7e7025d112e01908e10f0e075ed74375e142a08016091a177341b5f243e857675d96cac

Download Submit
\Users\Admin\AppData\Roaming\gst1zkusg.exe

Filesize
61KB

MD5
094134cc0d89fedb1e625b7cd3b9638c

SHA1
21dae0f94a0856d82dec26cfbed93a64f98ec87d

SHA256
30833235b17b61bf0ac40a8742682d248b02b7bab32d05e65e806c2a8f90264a

SHA512
d47dd98c7d5d8e7b23625d32bf344f1247af6d7cf0d7d1051e8e159cc7e7025d112e01908e10f0e075ed74375e142a08016091a177341b5f243e857675d96cac

Download Submit
\Users\Admin\AppData\Roaming\gst1zkusg.exe

Filesize
61KB

MD5
094134cc0d89fedb1e625b7cd3b9638c

SHA1
21dae0f94a0856d82dec26cfbed93a64f98ec87d

SHA256
30833235b17b61bf0ac40a8742682d248b02b7bab32d05e65e806c2a8f90264a

SHA512
d47dd98c7d5d8e7b23625d32bf344f1247af6d7cf0d7d1051e8e159cc7e7025d112e01908e10f0e075ed74375e142a08016091a177341b5f243e857675d96cac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads