585aaff5e0f19fc3e33ee918fcff51fdb212f0f8d9d285339b48bbe649c69d5d

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 07:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe
Size

79KB
MD5

c04f2d1ffd34ddb3da47ea55cb1334c0
SHA1

fcabb5f95ccbaf203598c6d99d8d277568b04a65
SHA256

585aaff5e0f19fc3e33ee918fcff51fdb212f0f8d9d285339b48bbe649c69d5d
SHA512

5c6d1cd106d37ee3f5f3f344dc48a05ed5367e5b72d713ccb8e06ab58fb8afe53fd9260451055987aa59cc1ec6c1b22825c2eba8847ea48e9c8aea2371ad6898
SSDEEP

1536:zvTWcksg0pOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvqvL0oGdqU7uy5w9WMyiN5G

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2148	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2624	cmd.exe
2624	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2624	2800	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	29
PID 2800 wrote to memory of 2624	2800	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	29
PID 2800 wrote to memory of 2624	2800	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	29
PID 2800 wrote to memory of 2624	2800	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	29
PID 2624 wrote to memory of 2148	2624	cmd.exe	30
PID 2624 wrote to memory of 2148	2624	cmd.exe	30
PID 2624 wrote to memory of 2148	2624	cmd.exe	30
PID 2624 wrote to memory of 2148	2624	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
memory/2148-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2800-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads