0c29bc3d92b54ad3633484a43214e9492c84d0faf6f6985770c052b2e5b677f5

Analysis

max time kernel
251s
max time network
287s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-11-2023 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe
Size

4KB
MD5

df5ada6374033ee2b33c43d140bfab50
SHA1

638d6e0a08763d35039af9a7461b698000c72a72
SHA256

0c29bc3d92b54ad3633484a43214e9492c84d0faf6f6985770c052b2e5b677f5
SHA512

377cc7e8fdd9a3acc8df4dc44952b19e9399576f78253db607c672a0059af0e73d554afdaba1e0b28e8e8d43c0596e3d910ba6f705c6b84defcd0bf148cafaf3
SSDEEP

48:Zfvi+Wyi18DN0nCWTVE6/c9fhXcGEY3sJd9ga9VRsSp3n6nA7B8mOo4jUx7UStnA:ZSv4mQMKh9ctgCVRFEnKymV44zZjwx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2540	kbswl.exe

Loads dropped DLL 2 IoCs

pid	Process
2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe
2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2540	2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe	28
PID 2528 wrote to memory of 2540	2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe	28
PID 2528 wrote to memory of 2540	2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe	28
PID 2528 wrote to memory of 2540	2528	NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASdf5ada6374033ee2b33c43d140bfab50exe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\kbswl.exe
  "C:\Users\Admin\AppData\Local\Temp\kbswl.exe"
  2⤵
  - Executes dropped EXE
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
4KB

MD5
e6e1a63ae628ceb75810a3c8347452b5

SHA1
70c3756a223b85eb66379ebae3c629559613ac40

SHA256
603b6f70ee70c342a82a57644b97ed23005649fe4574c8e60904eebc11e7a1a1

SHA512
c68b104f05b32fc9ef08de53451fec6e71386f0218c96424f15b7d4d580374a11de8624a19f8ef31493b1a54854221af596631fdd95652650a2e6bf8dd8e7123

Download Submit
C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
4KB

MD5
e6e1a63ae628ceb75810a3c8347452b5

SHA1
70c3756a223b85eb66379ebae3c629559613ac40

SHA256
603b6f70ee70c342a82a57644b97ed23005649fe4574c8e60904eebc11e7a1a1

SHA512
c68b104f05b32fc9ef08de53451fec6e71386f0218c96424f15b7d4d580374a11de8624a19f8ef31493b1a54854221af596631fdd95652650a2e6bf8dd8e7123

Download Submit
C:\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
4KB

MD5
e6e1a63ae628ceb75810a3c8347452b5

SHA1
70c3756a223b85eb66379ebae3c629559613ac40

SHA256
603b6f70ee70c342a82a57644b97ed23005649fe4574c8e60904eebc11e7a1a1

SHA512
c68b104f05b32fc9ef08de53451fec6e71386f0218c96424f15b7d4d580374a11de8624a19f8ef31493b1a54854221af596631fdd95652650a2e6bf8dd8e7123

Download Submit
\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
4KB

MD5
e6e1a63ae628ceb75810a3c8347452b5

SHA1
70c3756a223b85eb66379ebae3c629559613ac40

SHA256
603b6f70ee70c342a82a57644b97ed23005649fe4574c8e60904eebc11e7a1a1

SHA512
c68b104f05b32fc9ef08de53451fec6e71386f0218c96424f15b7d4d580374a11de8624a19f8ef31493b1a54854221af596631fdd95652650a2e6bf8dd8e7123

Download Submit
\Users\Admin\AppData\Local\Temp\kbswl.exe

Filesize
4KB

MD5
e6e1a63ae628ceb75810a3c8347452b5

SHA1
70c3756a223b85eb66379ebae3c629559613ac40

SHA256
603b6f70ee70c342a82a57644b97ed23005649fe4574c8e60904eebc11e7a1a1

SHA512
c68b104f05b32fc9ef08de53451fec6e71386f0218c96424f15b7d4d580374a11de8624a19f8ef31493b1a54854221af596631fdd95652650a2e6bf8dd8e7123

Download Submit