Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
02/11/2023, 08:38
Behavioral task
behavioral1
Sample
NEAS.aae9a8166f1cea35342e235e3e648250.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.aae9a8166f1cea35342e235e3e648250.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.aae9a8166f1cea35342e235e3e648250.exe
-
Size
82KB
-
MD5
aae9a8166f1cea35342e235e3e648250
-
SHA1
12c78a65fb11d1ac86513f850c5434efe1b9b7f9
-
SHA256
da6dfbc3fe32b79e100fef16d87e2bfdbe79b0a6555842a2a76e3b7237d627f3
-
SHA512
0c410ae2de2d14d5170a4b1048d6c5249192400d2262b89cd29538fe8d8baedeafed61b4b6c7bef183ad5f05b197c6d869a86ca342bafc7ad1d93af1bbf87f1b
-
SSDEEP
1536:pxZcNZEPWZMTXC/s8taZKvD8vlH2v4XClRFTMu0CmuJd4BXm:biZ56TXC/rtaZKrW/XWRFAuBbd4I
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2744 NEAS.aae9a8166f1cea35342e235e3e648250.exe -
Executes dropped EXE 1 IoCs
pid Process 2744 NEAS.aae9a8166f1cea35342e235e3e648250.exe -
Loads dropped DLL 1 IoCs
pid Process 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe -
resource yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x000000000043A000-memory.dmp upx
behavioral1/files/0x00070000000120bd-10.dat upx
behavioral1/files/0x00070000000120bd-16.dat upx
behavioral1/memory/2744-17-0x0000000000400000-0x000000000043A000-memory.dmp upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe
2744 NEAS.aae9a8166f1cea35342e235e3e648250.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2008 wrote to memory of 2744 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe 29
PID 2008 wrote to memory of 2744 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe 29
PID 2008 wrote to memory of 2744 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe 29
PID 2008 wrote to memory of 2744 2008 NEAS.aae9a8166f1cea35342e235e3e648250.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.aae9a8166f1cea35342e235e3e648250.exe "C:\Users\Admin\AppData\Local\Temp\NEAS.aae9a8166f1cea35342e235e3e648250.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\NEAS.aae9a8166f1cea35342e235e3e648250.exe C:\Users\Admin\AppData\Local\Temp\NEAS.aae9a8166f1cea35342e235e3e648250.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2744
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 a67416c99b50ce51be093fab3afcfc73
SHA1 524a121c0760ac1784c01ab249fa547585a2aff2
SHA256 e360c76725b3b44aea0fbf4a82840f3a3cc18f434c741471866fa295b16dc566
SHA512 42bb9a1c9a14f6e3de1f95e6a6405d3e0b7bd8dae885156b2014c89442be9ecee0a6654d3cac77da03f66bb24aa9d3a4c322eacac6d2840d65cb4603c1a67078