6a3174b7694b7a4856ad7469060caa7f695e53833a0e8e99d8634f1651309333

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.fb3173656cd202c4630a572ac23e7310.exe
Size

89KB
MD5

fb3173656cd202c4630a572ac23e7310
SHA1

5784e292bd78955a531d61af1d2c0f875fda5a46
SHA256

6a3174b7694b7a4856ad7469060caa7f695e53833a0e8e99d8634f1651309333
SHA512

e3f609d7b7544c959da7591a6e413a69e8d31478b24ee1583454d005f1fc411168c7496f0b343e02c554e8bed79cfbf2f9a36e468f4fd687e853391ebb565c95
SSDEEP

1536:o6es30MrdpKENdHgjt7dh2Z28IU/WVds2AhO2XEXySOIPywIpIQjNleomXf44yv/:Btp/hNqjt7d228N/75hjEpPynaEURPy3

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2988	NEAS.fb3173656cd202c4630a572ac23e7310.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	NEAS.fb3173656cd202c4630a572ac23e7310.exe

Loads dropped DLL 1 IoCs

pid	Process
2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe
2988	NEAS.fb3173656cd202c4630a572ac23e7310.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2988	2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe	29
PID 2960 wrote to memory of 2988	2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe	29
PID 2960 wrote to memory of 2988	2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe	29
PID 2960 wrote to memory of 2988	2960	NEAS.fb3173656cd202c4630a572ac23e7310.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe

Filesize
89KB

MD5
0d6e6754a60d42f21ffa6ae8ab9e3cdd

SHA1
4462f561a8fc989551af5ca6a63721fb17bfe010

SHA256
b02e72e3a7642ab0a755a543498752d4acde68e15c221d8a076ba65f7e641e66

SHA512
603a1ca0606e82f7afa0ef5a5a6c8efff0650122f9aa52a4c7a39c9f26e25216e690823b127acca6f3581a004877dd1ab61791bba3056dfe0edfcc2eab73d205

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.fb3173656cd202c4630a572ac23e7310.exe

Filesize
89KB

MD5
0d6e6754a60d42f21ffa6ae8ab9e3cdd

SHA1
4462f561a8fc989551af5ca6a63721fb17bfe010

SHA256
b02e72e3a7642ab0a755a543498752d4acde68e15c221d8a076ba65f7e641e66

SHA512
603a1ca0606e82f7afa0ef5a5a6c8efff0650122f9aa52a4c7a39c9f26e25216e690823b127acca6f3581a004877dd1ab61791bba3056dfe0edfcc2eab73d205

Download Submit
memory/2960-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2960-1-0x00000000000D0000-0x0000000000103000-memory.dmp

Filesize
204KB

Download
memory/2960-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2960-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2960-12-0x00000000001B0000-0x00000000001E3000-memory.dmp

Filesize
204KB

Download
memory/2988-17-0x00000000001C0000-0x00000000001F3000-memory.dmp

Filesize
204KB

Download
memory/2988-24-0x0000000000330000-0x000000000034B000-memory.dmp

Filesize
108KB

Download
memory/2988-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2988-29-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download