Overview

overview

8

Static

static

3

NEAS.26809...30.exe

windows7-x64

8

NEAS.26809...30.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2680912c45b3ba933b825391af443e30.exe

  • Size

    149KB

  • MD5

    2680912c45b3ba933b825391af443e30

  • SHA1

    66fd33e0f8fc67f53bdb9ceae79f1f16324bcb46

  • SHA256

    78a7787662cd3407c86221015660b0a812dc3d12660b9212cea8f446e6935a85

  • SHA512

    434b36fee6216b7d9063a5372851b8907e269473e975e261cf7f11e8d50fc7425d3ed52051a212e95b70bf7bccce76f05f16ed19f3904fc828067eff7cc4f17d

  • SSDEEP

    3072:h/BH9p/3K+AEkzgXrGqJM4qd3bGjhkqsXb8:hR9pTAEkz6rGq4Bbq2I

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2680912c45b3ba933b825391af443e30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2680912c45b3ba933b825391af443e30.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1948
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {829DCF4D-81F9-44F3-87D8-F10D40B22382} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\PROGRA~3\Mozilla\wwljcul.exe
      C:\PROGRA~3\Mozilla\wwljcul.exe -anxczaj
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\wwljcul.exe
    Filesize

    149KB

    MD5

    76ac3ff5af7977a5ab01e8e86c1f92fe

    SHA1

    1fb9f8a892f73ef35b4524c773849bfa23414949

    SHA256

    a5781b1b1078d806a1d076f20e5e63cf8a8fdc3816d247dbd13cf76bc55a5e6c

    SHA512

    5a67b2314b39f5b0f1316e502a51d5e0ad6f1ce8bb2bd5216fb9b709df14c068ac564870d3aa925c53f1f2d710f6bf0172720b6178471a298afc0335ced07b27

    Download Submit

  • C:\PROGRA~3\Mozilla\wwljcul.exe
    Filesize

    149KB

    MD5

    76ac3ff5af7977a5ab01e8e86c1f92fe

    SHA1

    1fb9f8a892f73ef35b4524c773849bfa23414949

    SHA256

    a5781b1b1078d806a1d076f20e5e63cf8a8fdc3816d247dbd13cf76bc55a5e6c

    SHA512

    5a67b2314b39f5b0f1316e502a51d5e0ad6f1ce8bb2bd5216fb9b709df14c068ac564870d3aa925c53f1f2d710f6bf0172720b6178471a298afc0335ced07b27

    Download Submit

  • memory/1948-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1948-1-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1948-7-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2620-14-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2620-15-0x0000000000360000-0x00000000003BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2620-21-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download