Overview

overview

7

Static

static

3

NEAS.4a108...20.exe

windows7-x64

7

NEAS.4a108...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.4a1086e1df895707f659d6795c7ac520.exe

  • Size

    333KB

  • MD5

    4a1086e1df895707f659d6795c7ac520

  • SHA1

    8074b96a26e214307bb0e4b6e74828ccf466ef13

  • SHA256

    45c4a1e2639094f409f86a0320d4ecba31e4960d90ee0ad3b84d1969c6ff13bc

  • SHA512

    8e2cb49ef215e2523cba8a00b5c1f24176a1a005c6f0b55ac9b87d330be923130565eaf37c35332e898e56054d6277c3e372678c808aa79f557cde6467d58c0b

  • SSDEEP

    1536:SAqVEcpwlT7hgaZWgWhGv7B1hXW4iLW8fk6M50dGW7:e8RhgAWIY3Lab00W7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.4a1086e1df895707f659d6795c7ac520.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4a1086e1df895707f659d6795c7ac520.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\PerfLogs\lsass.exe
      C:\PerfLogs\lsass.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PerfLogs\lsass.exe
    Filesize

    334KB

    MD5

    61e568a1eaeb0c3bdbf3e5c0ceff9f2f

    SHA1

    a6303bcb852f06477fdd1f8624598d4091e0d568

    SHA256

    c336b5273e38496d5a04fdd7e2e8de6280337bb1cf297461d3560c8d81232436

    SHA512

    953f00becb7b4d85df8abfe93d18514360a925582d132731c775b59809feec3ad97b2946d7f8e8006860f24a53a2ae01b934320dacc175fcb261eabaf6870081

    Download Submit

  • C:\PerfLogs\lsass.exe
    Filesize

    334KB

    MD5

    61e568a1eaeb0c3bdbf3e5c0ceff9f2f

    SHA1

    a6303bcb852f06477fdd1f8624598d4091e0d568

    SHA256

    c336b5273e38496d5a04fdd7e2e8de6280337bb1cf297461d3560c8d81232436

    SHA512

    953f00becb7b4d85df8abfe93d18514360a925582d132731c775b59809feec3ad97b2946d7f8e8006860f24a53a2ae01b934320dacc175fcb261eabaf6870081

    Download Submit

  • C:\PerfLogs\lsass.exe
    Filesize

    334KB

    MD5

    61e568a1eaeb0c3bdbf3e5c0ceff9f2f

    SHA1

    a6303bcb852f06477fdd1f8624598d4091e0d568

    SHA256

    c336b5273e38496d5a04fdd7e2e8de6280337bb1cf297461d3560c8d81232436

    SHA512

    953f00becb7b4d85df8abfe93d18514360a925582d132731c775b59809feec3ad97b2946d7f8e8006860f24a53a2ae01b934320dacc175fcb261eabaf6870081

    Download Submit

  • \PerfLogs\lsass.exe
    Filesize

    334KB

    MD5

    61e568a1eaeb0c3bdbf3e5c0ceff9f2f

    SHA1

    a6303bcb852f06477fdd1f8624598d4091e0d568

    SHA256

    c336b5273e38496d5a04fdd7e2e8de6280337bb1cf297461d3560c8d81232436

    SHA512

    953f00becb7b4d85df8abfe93d18514360a925582d132731c775b59809feec3ad97b2946d7f8e8006860f24a53a2ae01b934320dacc175fcb261eabaf6870081

    Download Submit

  • \PerfLogs\lsass.exe
    Filesize

    334KB

    MD5

    61e568a1eaeb0c3bdbf3e5c0ceff9f2f

    SHA1

    a6303bcb852f06477fdd1f8624598d4091e0d568

    SHA256

    c336b5273e38496d5a04fdd7e2e8de6280337bb1cf297461d3560c8d81232436

    SHA512

    953f00becb7b4d85df8abfe93d18514360a925582d132731c775b59809feec3ad97b2946d7f8e8006860f24a53a2ae01b934320dacc175fcb261eabaf6870081

    Download Submit

  • memory/1372-10-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2372-11-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2372-22-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2372-23-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download