Overview

overview

7

Static

static

3

NEAS.db6b9...b0.exe

windows7-x64

6

NEAS.db6b9...b0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2023, 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.db6b992c4c2cab22932aa462c93176b0.exe

  • Size

    212KB

  • MD5

    db6b992c4c2cab22932aa462c93176b0

  • SHA1

    0bb0b3027465d0852a6f24a1db6e3be848501522

  • SHA256

    7b8b5010eb5adf9c804d5778ad77dc0e8e8d53af10cb2d4ed22048340bb746aa

  • SHA512

    9ff9b01efa36f4f7e27b220ae9a926095a4af273320be45a73923e1ac837b3cb461175848f1517ae1870115b6dfbaeaa5d184d0570e7bd3c8167072fa8e22d0b

  • SSDEEP

    3072:Gv/IL44frgyGGqB/QH1VdzDu43d/9gCOuMHCV+yXSD7ihxrG/AIqfc6KpYffLT:4AU40GqVQV9tirCVcXinG/Af0ZSffL

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.db6b992c4c2cab22932aa462c93176b0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.db6b992c4c2cab22932aa462c93176b0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Windows\SysWOW64\svchost.exe
      C:\ProgramData\a94fbc40.exe
      2⤵
      • Adds Run key to start application
      • Checks for any installed AV software in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2236
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Roaming\dxf430D.tmp.bat" "C:\Users\Admin\AppData\Local\Temp\NEAS.db6b992c4c2cab22932aa462c93176b0.exe""
      2⤵
        PID:1668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\dxf430D.tmp.bat
      Filesize

      34B

      MD5

      2ebedc77c1666d3421fc42089c844f8e

      SHA1

      6f1f65ca9c510c5f453f5cb62acfa76bb0902ec5

      SHA256

      70f6e64bcf2cd7dddb0f07ac3ec87903471a4c4e4876e63f68ce5b085291ad19

      SHA512

      d2060982bdf0766528930ae0238cc2d1781495d09e43332697c0549698c3c9bde50aae3391e7603e7448c40d241fcc5fc94f0e25a188501bfd0c185637d9c792

      Download Submit

    • C:\Users\Admin\AppData\Roaming\dxf430D.tmp.bat
      Filesize

      34B

      MD5

      2ebedc77c1666d3421fc42089c844f8e

      SHA1

      6f1f65ca9c510c5f453f5cb62acfa76bb0902ec5

      SHA256

      70f6e64bcf2cd7dddb0f07ac3ec87903471a4c4e4876e63f68ce5b085291ad19

      SHA512

      d2060982bdf0766528930ae0238cc2d1781495d09e43332697c0549698c3c9bde50aae3391e7603e7448c40d241fcc5fc94f0e25a188501bfd0c185637d9c792

      Download Submit

    • memory/844-1-0x0000000000400000-0x000000000054A000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/844-0-0x0000000000220000-0x0000000000223000-memory.dmp

      Filesize

      12KB

      Download

    • memory/844-224-0x0000000000400000-0x000000000054A000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2236-293-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-310-0x0000000000100000-0x0000000000110000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2236-294-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-298-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-299-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-300-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-302-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-301-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-296-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-4-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-303-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-305-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-306-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-292-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-309-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-308-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-311-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-312-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-314-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-315-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-319-0x0000000000160000-0x0000000000191000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2236-321-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-322-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-323-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-324-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2236-325-0x0000000000600000-0x0000000000700000-memory.dmp

      Filesize

      1024KB

      Download