Overview

overview

7

Static

static

3

NEAS.4a108...20.exe

windows7-x64

7

NEAS.4a108...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.4a1086e1df895707f659d6795c7ac520.exe

  • Size

    333KB

  • MD5

    4a1086e1df895707f659d6795c7ac520

  • SHA1

    8074b96a26e214307bb0e4b6e74828ccf466ef13

  • SHA256

    45c4a1e2639094f409f86a0320d4ecba31e4960d90ee0ad3b84d1969c6ff13bc

  • SHA512

    8e2cb49ef215e2523cba8a00b5c1f24176a1a005c6f0b55ac9b87d330be923130565eaf37c35332e898e56054d6277c3e372678c808aa79f557cde6467d58c0b

  • SSDEEP

    1536:SAqVEcpwlT7hgaZWgWhGv7B1hXW4iLW8fk6M50dGW7:e8RhgAWIY3Lab00W7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.4a1086e1df895707f659d6795c7ac520.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4a1086e1df895707f659d6795c7ac520.exe"
    1⤵
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3848
    • F:\$RECYCLE.BIN\svchost.exe
      F:\$RECYCLE.BIN\svchost.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • F:\$RECYCLE.BIN\svchost.exe
    Filesize

    334KB

    MD5

    d891c60eca9664fc5ae90a17ade1dbd2

    SHA1

    bed3496dac44d9983b28dc03526285f5a112eed9

    SHA256

    525d461725b611d1e42bd8872265568f6c15cff3544f0bd7603877cf7ba18372

    SHA512

    39ecf280ce32e36553767c5ad951b7c09364514b79ac0ac15849093c45c844448039da5316c5edff04dbd8129e24307d56a919f0a1e25271c6eb28f5b782d215

    Download Submit

  • F:\$RECYCLE.BIN\svchost.exe
    Filesize

    334KB

    MD5

    d891c60eca9664fc5ae90a17ade1dbd2

    SHA1

    bed3496dac44d9983b28dc03526285f5a112eed9

    SHA256

    525d461725b611d1e42bd8872265568f6c15cff3544f0bd7603877cf7ba18372

    SHA512

    39ecf280ce32e36553767c5ad951b7c09364514b79ac0ac15849093c45c844448039da5316c5edff04dbd8129e24307d56a919f0a1e25271c6eb28f5b782d215

    Download Submit

  • memory/2012-5-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3848-6-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download