Analysis
-
max time kernel
163s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 07:42
General
-
Target
NEAS.e2bf71ea3e0d65793793ff14da668600.exe
-
Size
2.2MB
-
MD5
e2bf71ea3e0d65793793ff14da668600
-
SHA1
cd1fa35e9489e247aed6fb016cd4b26634ce86bd
-
SHA256
b7b23e7e5129c6562a21bed20c8d9c2f62e3c56cda6524d8b96fb048632a2879
-
SHA512
0d056a663b084b083b2ae443cc53e2df6a6955c476f1be1df9987096f2a5ad42c1f6f42f4a0ea2947fc17d974b54b20bdb089deaa728cefc764681e7d02be156
-
SSDEEP
49152:M1K3cmsvMwMxEKHWB+28B942wnZxXJMNcDxngRPh/Xn4gJOtUUFrKMe9fV:Mo1shMWKHC+H9dwnZxXeNcDxnYPh/X4O
Score
8/10
Malware Config
Signatures
-
Stops running service(s) 3 TTPs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 15 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e2bf71ea3e0d65793793ff14da668600.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e2bf71ea3e0d65793793ff14da668600.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c sc stop IxijyXWUAUServYMHv2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\sc.exesc stop IxijyXWUAUServYMHv3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c del c:\windows\yarfn.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB