c1bab79170241949447265a91e27e0487c85b25b524f7129d8324ac553e18fbb

Analysis

max time kernel
163s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9844add79a9d2734862554ae10e205c0.exe
Size

170KB
MD5

9844add79a9d2734862554ae10e205c0
SHA1

6351beb2b99ea8545a7c52fe7c9f180df7c3937c
SHA256

c1bab79170241949447265a91e27e0487c85b25b524f7129d8324ac553e18fbb
SHA512

c7dffbc9f2ab646825228389f6fa5f079a9469993306c6fc110eee52278b45357de011bd9c8fdb132d333255dde5ecf84d1ac7c214986299829603424509d4cb
SSDEEP

3072:+5ERKdsNSE8jWf+FnGevgjFA+WzmLpJhJ4RpS:+wB8qonGeoFA0lyp

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4664	lrunner.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 4664	2688	NEAS.9844add79a9d2734862554ae10e205c0.exe	91
PID 2688 wrote to memory of 4664	2688	NEAS.9844add79a9d2734862554ae10e205c0.exe	91
PID 2688 wrote to memory of 4664	2688	NEAS.9844add79a9d2734862554ae10e205c0.exe	91

C:\Users\Admin\AppData\Local\Temp\NEAS.9844add79a9d2734862554ae10e205c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9844add79a9d2734862554ae10e205c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Users\Admin\AppData\Local\Temp\ln240657500\lrunner.exe
  "C:\Users\Admin\AppData\Local\Temp\\ln240657500\lrunner.exe" --bpl="eyJjbGlfdmVyIjogMiwgImluc3RhbGxfdXJsIjogImh0dHBzOi8vZ29zb2Z0ZGwubWFpbC5ydS9uYXBzLmV4ZSIsICJsb2NhdGlvbl9pZCI6ICJsYW5kX3BhcnRuZXJfbGl0ZSIsICJxdWVyeV9zdHJpbmciOiAicGFydG5lcl9uZXdfdXJsPWh0dHAlM0ElMkYlMkZsaXRlLWJyb2ZyZWUucnUlMkZhcGklMkZleHBlcmltZW50JTJGaW5zdGFsbCUzRnBiJTNEaHR0cCUzQSUyRiUyRm15dW5pdmVyc2FsbmsuY29tJTJGYXBpJTJGZ29hbCUzRnZpc2l0aWQlM0ROTHh5LWRiTDhxcTQyMEZIJm92cj0lMjRfX09WUiZndWlkPSUyNF9fR1VJRCZyZnI9ODY4MjAzJnVpZD0zNDkxNzAxNy1CQjcyLTYwMDAtNEEwNi1BQ0I4RjMxQUY0MkMmZXh0X2luc3RhbGxfY2FsbGJhY2s9aHR0cCUzQSUyRiUyRm15dW5pdmVyc2FsbmsuY29tJTJGYXBpJTJGZ29hbCUzRnZpc2l0aWQlM0ROTHh5LWRiTDhxcTQyMEZIJmFjdGlvbj1pbnN0YWxsJmNvbXA9JTdCY29tcG9uZW50JTdEJnBhaWQ9JTdCcGFpZCU3RCZwYT0lN0JwYWlkQWN0aW9uJTdEJnBiPSU3QnBhaWRCcm93c2VyJTdEJmJyPSU3QmJyb3dzZXIlN0QmYmMxPSU3QmJyb3dzZXJDbGFzczElN0QmYmMyPSU3QmJyb3dzZXJDbGFzczIlN0QmaWlkPSU3Qmluc3RhbGxJZCU3RCZyZnI9JTdCcmZyJTdEJmV4dF9vbmxpbmVfY2FsbGJhY2s9aHR0cCUzQSUyRiUyRm15dW5pdmVyc2FsbmsuY29tJTJGYXBpJTJGZ29hbCUzRnZpc2l0aWQlM0ROTHh5LWRiTDhxcTQyMEZIJmFjdGlvbj1vbmxpbmUmY29tcD0lN0Jjb21wb25lbnQlN0QmcGFpZD0lN0JwYWlkJTdEJnBhPSU3QnBhaWRBY3Rpb24lN0QmcGI9JTdCcGFpZEJyb3dzZXIlN0QmYnI9JTdCYnJvd3NlciU3RCZiYzE9JTdCYnJvd3NlckNsYXNzMSU3RCZiYzI9JTdCYnJvd3NlckNsYXNzMiU3RCZpaWQ9JTdCaW5zdGFsbElkJTdEJnJmcj0lN0JyZnIlN0QmZXh0X3BhcnRuZXJpZD1kc2UuMSUzQTgxMzM4MyUyQ2RzZS4yJTNBODEzNTgzJTJDaHAuMSUzQTgxMzMzMyUyQ2hwLjIlM0E4MTM1MzMlMkNydGIuMSUzQTgzMTE0NyUyQ3B1bHQuMSUzQTgxMzQzMyUyQ3B1bHQuMiUzQTgxMzYzMyUyQ3ZibS4xJTNBODEzNDMzJTJDdmJtLjIlM0E4MTM2MzMlMkNhbnkuMSUzQTgxMzQ4MyUyQ2FueS4yJTNBODEzNDgzJnBhcnRuZXJpZD04NjgyMDMmb2NsX3BhcmFtcz1odHRwJTNBJTJGJTJGbXl1bml2ZXJzYWxuay5jb20lMkZhcGklMkZnb2FsJTNGdmlzaXRpZCUzRE5MeHktZGJMOHFxNDIwRkgmZ3VpZD0lN0JndWlkJTdEJmNvbXA9b2NsJm9jbF9wYXJ0bmVyaWQ9ODQzMDA3JmFtX2RlZmF1bHQ9MSZ2Ym1faW5zdGFsbD0xJmhwX2luc3RhbGw9MSZkc2VfaW5zdGFsbD0xJm9jbF9pbnN0YWxsPTEmbGl0ZV9pbnN0YWxsPTElMkYiLCAidHMiOiAxNjk3OTUxMzYxfQ=="
  2⤵
  - Executes dropped EXE
  PID:4664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mail.Ru\Id

Filesize
38B

MD5
7eedc37c90fa6e4acaf5db88779d030b

SHA1
34347977200eb55b9da50546b1a8535ffb3d47a2

SHA256
0b4e88ffcba805265fae2f80e1ff6546e453531e0187f38b35d301c82528acd2

SHA512
eb750347925a1c97edb595392978b370598e1ba142229db9477ef75d1e622c769e183f46712936aa34672a0eb1471710f55ff54d4e44e36e04bf07c847264f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ln240657500\lrunner.exe

Filesize
1.0MB

MD5
a7b71ae87e24b876d61c51c431ee7f99

SHA1
8ab85ed18f25a8b9c11984c4fa7aa80dc9aa1f7a

SHA256
41a3b49116106380856a4fd567e02252968dad1c17debcd3aa80b11d65dd9306

SHA512
761caba7073cfdfb8b8e41a6298c0141ceb3cccfadcd1ebcc17a5d9583a3c59bb12ab9f20d45106ed34ce50fbbe01f19c1d059fd51aa5f9eda22140cfd9ed8ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\ln240657500\lrunner.exe

Filesize
1.0MB

MD5
a7b71ae87e24b876d61c51c431ee7f99

SHA1
8ab85ed18f25a8b9c11984c4fa7aa80dc9aa1f7a

SHA256
41a3b49116106380856a4fd567e02252968dad1c17debcd3aa80b11d65dd9306

SHA512
761caba7073cfdfb8b8e41a6298c0141ceb3cccfadcd1ebcc17a5d9583a3c59bb12ab9f20d45106ed34ce50fbbe01f19c1d059fd51aa5f9eda22140cfd9ed8ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads