831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

Analysis

max time kernel
145s
max time network
152s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 11:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
Size

1.3MB
MD5

8277147e808fdccd8cb3cb8299e82e30
SHA1

17d3cd78f197e6cb3c17f2570f9d40543bba9ecb
SHA256

831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a
SHA512

2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12
SSDEEP

12288:iMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9NiXIigo+qwl6:insJ39LyjbJkQFMhmC+6GD94Xt1+qw8

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2804	._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
2832	Synaptics.exe
2664	._cache_Synaptics.exe

Loads dropped DLL 5 IoCs

pid	Process
2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
2832	Synaptics.exe
2832	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2804	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	28
PID 2212 wrote to memory of 2804	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	28
PID 2212 wrote to memory of 2804	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	28
PID 2212 wrote to memory of 2804	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	28
PID 2212 wrote to memory of 2832	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	30
PID 2212 wrote to memory of 2832	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	30
PID 2212 wrote to memory of 2832	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	30
PID 2212 wrote to memory of 2832	2212	NEAS.8277147e808fdccd8cb3cb8299e82e30.exe	30
PID 2832 wrote to memory of 2664	2832	Synaptics.exe	31
PID 2832 wrote to memory of 2664	2832	Synaptics.exe	31
PID 2832 wrote to memory of 2664	2832	Synaptics.exe	31
PID 2832 wrote to memory of 2664	2832	Synaptics.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8277147e808fdccd8cb3cb8299e82e30.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe"
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
\ProgramData\Synaptics\Synaptics.exe

Filesize
1.3MB

MD5
8277147e808fdccd8cb3cb8299e82e30

SHA1
17d3cd78f197e6cb3c17f2570f9d40543bba9ecb

SHA256
831a04ea1dae4d5fb42743fdc5321e532c17fed2cf6dc130467bcc025842252a

SHA512
2228623cb39199f2d6cc6ef287ab21331ec88aeb149c6a5ef6468aabc25366d1cc733efdfa05c512c2f7f5e10e3478749c445c1a33f82bbb4ee1513391863e12

Download Submit
\Users\Admin\AppData\Local\Temp\._cache_NEAS.8277147e808fdccd8cb3cb8299e82e30.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
557KB

MD5
c766853e9158449855b5d9cc0925904b

SHA1
9cd986cbca432e46d2a34ea54ce69a7066fcb342

SHA256
956314ce4abf95cb91ff32bca737a615dc38bcb1fb349a96e4e4fa5fd64252ca

SHA512
06c5de1113f5ff7f718a11b927dfd59d0538c88807809d700a342f589bba274d233fd83c0fd86c588ae2ea54e7c0b45179ee0c0da1ddd85d9e430734fb6dc504

Download Submit
memory/2212-21-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2212-32-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2212-19-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2212-0-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2212-22-0x0000000003B10000-0x0000000003B20000-memory.dmp

Filesize
64KB

Download
memory/2212-5-0x0000000003B10000-0x0000000003B20000-memory.dmp

Filesize
64KB

Download
memory/2212-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2664-55-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2664-48-0x0000000001320000-0x00000000013AE000-memory.dmp

Filesize
568KB

Download
memory/2664-51-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2804-36-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2804-49-0x000000001AC80000-0x000000001AD00000-memory.dmp

Filesize
512KB

Download
memory/2804-50-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2804-33-0x0000000000340000-0x00000000003CE000-memory.dmp

Filesize
568KB

Download
memory/2832-46-0x0000000003AD0000-0x0000000003AE0000-memory.dmp

Filesize
64KB

Download
memory/2832-45-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2832-43-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2832-52-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2832-53-0x0000000003AD0000-0x0000000003AE0000-memory.dmp

Filesize
64KB

Download
memory/2832-56-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2832-61-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2832-86-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads