Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231020-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/11/2023, 19:52

General

  • Target

    NEAS.3f496edde00144cd89b1459c5b2c9a60.dll

  • Size

    58KB

  • MD5

    3f496edde00144cd89b1459c5b2c9a60

  • SHA1

    23b07307d3d018e6f18f52a1bb84ba80edd7a52b

  • SHA256

    275b13ffa2d6da477a254e7cdf9f6ad8b8f8d8b1def9140bffe8e09034849bfa

  • SHA512

    e28b77ae5aded169a919f0cb31ab270b9ddddc05f8896fac5e1c08124bd1d2765c7bac00aeffed12b49843b7bcfee1dc0fa61bcbed028de359b27e0e6c8be000

  • SSDEEP

    768:7DfN9wiAxAfgsA83/hL9sWx2H5GlEDEn2yqozpmaNWl7y3UEEZZX7:7DHwiAlypsWI0TvrWl7y3Ut

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.3f496edde00144cd89b1459c5b2c9a60.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\NEAS.3f496edde00144cd89b1459c5b2c9a60.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2784

Network

MITRE ATT&CK Enterprise v15
