Overview

overview

7

Static

static

3

NEAS.c6442...a0.exe

windows7-x64

7

NEAS.c6442...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2023 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe

  • Size

    175KB

  • MD5

    c644243bee565a6ab762e5d3c19cb4a0

  • SHA1

    c8123f0c86f23d1d3bca35c852e82b9400619aa4

  • SHA256

    50ea5ee5e31e99c3a9d3aea4376328d5da950a3bca4df4da98aa2a181c081cd3

  • SHA512

    29908103a4cac6e619aeed96c9a05ecd4707bc4bb0157df725cb43207f1f6f3759b5a20c51b6e0ff145ecc5eb8f235b1c11a180ae37ed40b2e3956098addbeaf

  • SSDEEP

    3072:KiHYMg3+a0IMBzUzjiSbUGUpoYF7I8Of97wAe+1eQVSX3hViKI6ecrzTqVsvDmZW:x4T3+tIfjiS4GJYF7I8IZ3eAeQ0Zea3x

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 356
      2⤵
      • Program crash
      PID:4256
    • C:\Users\Admin\AppData\Local\Temp\NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 360
        3⤵
        • Program crash
        PID:824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 768
        3⤵
        • Program crash
        PID:3268
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 772
        3⤵
        • Program crash
        PID:4472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 768
        3⤵
        • Program crash
        PID:2324
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4480 -ip 4480
    1⤵
      PID:3044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 996 -ip 996
      1⤵
        PID:4292
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 996 -ip 996
        1⤵
          PID:1968
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 996 -ip 996
          1⤵
            PID:3100
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 996 -ip 996
            1⤵
              PID:4964

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\NEAS.c644243bee565a6ab762e5d3c19cb4a0.exe
              Filesize

              175KB

              MD5

              35f1756232a706bec8e7171ac1017e1d

              SHA1

              c38b02c65b7bef6c58300436c096e14efa7bad53

              SHA256

              607f61d35d4b443f6b4d4681a3ee1338ee553ed07581ca93352826cbbe2d05e0

              SHA512

              b108e98d10e7fd0f827f16db1812883f533198def4d933226fc8f977c0fc38e2fba7e154d951abac0c1d239dba94ff5096fb09c4b8615f7b80e30c2ccafea63f

              Download Submit

            • memory/996-6-0x0000000000400000-0x0000000000433000-memory.dmp

              Filesize

              204KB

              Download

            • memory/996-8-0x00000000014D0000-0x0000000001503000-memory.dmp

              Filesize

              204KB

              Download

            • memory/996-9-0x0000000000400000-0x0000000000415000-memory.dmp

              Filesize

              84KB

              Download

            • memory/996-14-0x0000000000400000-0x0000000000433000-memory.dmp

              Filesize

              204KB

              Download

            • memory/4480-0-0x0000000000400000-0x0000000000433000-memory.dmp

              Filesize

              204KB

              Download

            • memory/4480-7-0x0000000000400000-0x0000000000433000-memory.dmp

              Filesize

              204KB

              Download