c475dc08c677bc2c093b7e08d25b9a2cdcef0eae7c6e29bcd613bf7aeaa09f06

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d23eccda4faf30490ef6e40439406660.exe
Size

334KB
MD5

d23eccda4faf30490ef6e40439406660
SHA1

00a1ad38e552c6db719576ea24415426d2da0acf
SHA256

c475dc08c677bc2c093b7e08d25b9a2cdcef0eae7c6e29bcd613bf7aeaa09f06
SHA512

5425a2feabaff9dfc22eae0300664fd5fdfa482a45d6f9432778ee4da95862db92152aa69ff47fe19658e97702a5d7b07c6ff02aff608b4233c63bb34aced190
SSDEEP

6144:+nOsaHli5zK2EIOEzLDVXv+LatyDVXv+Lat9Qe+Lat9li5zR:+nOf52EIOqvVxtWVxt97tw

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 4580	1924	NEAS.d23eccda4faf30490ef6e40439406660.exe	88
PID 1924 wrote to memory of 4580	1924	NEAS.d23eccda4faf30490ef6e40439406660.exe	88
PID 1924 wrote to memory of 4580	1924	NEAS.d23eccda4faf30490ef6e40439406660.exe	88
PID 4580 wrote to memory of 4340	4580	cmd.exe	90
PID 4580 wrote to memory of 4340	4580	cmd.exe	90
PID 4580 wrote to memory of 4340	4580	cmd.exe	90
PID 4340 wrote to memory of 2344	4340	iexpress.exe	91
PID 4340 wrote to memory of 2344	4340	iexpress.exe	91
PID 4340 wrote to memory of 2344	4340	iexpress.exe	91

C:\Users\Admin\AppData\Local\Temp\NEAS.d23eccda4faf30490ef6e40439406660.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d23eccda4faf30490ef6e40439406660.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6419.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\NEAS.d23eccda4faf30490ef6e40439406660.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4340
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6419.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
335KB

MD5
6abd0c79d17c0665ef3965a9efde2985

SHA1
bb1e2b7ffd8f647f02085fe1a403bfb867a4b808

SHA256
f49c716a0432be8a63fb0991aa2d82ff307b02e24e07e24796db8faf8c5459a1

SHA512
76101b2d4032c5deb289887a7d7d4c5bcfc897499cd6a79b2a157c24fe9691443d082d032537b33afd1fd72d49ea07dfa831da459c16ba6285b8016b41d66183

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
335KB

MD5
6abd0c79d17c0665ef3965a9efde2985

SHA1
bb1e2b7ffd8f647f02085fe1a403bfb867a4b808

SHA256
f49c716a0432be8a63fb0991aa2d82ff307b02e24e07e24796db8faf8c5459a1

SHA512
76101b2d4032c5deb289887a7d7d4c5bcfc897499cd6a79b2a157c24fe9691443d082d032537b33afd1fd72d49ea07dfa831da459c16ba6285b8016b41d66183

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads