Overview

overview

8

Static

static

3

NEAS.0d6b3...a0.exe

windows7-x64

8

NEAS.0d6b3...a0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    04-11-2023 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe

  • Size

    145KB

  • MD5

    0d6b3fd023782511a151bc17d7b72aa0

  • SHA1

    581ac5896bc7b73b4eebfb370c8635123ae2f81e

  • SHA256

    7babeb7b613b6d5d817e17b9b5d2d8f91d3a99aad30d975e91a9140e4dd4ba18

  • SHA512

    e876d81661159e250252bc5b0d8cb2453df4482e47125bba531942de79a377118cde8536f1a242ba2f38c30bc51ecc9d8dda7f918a737ba8ca0efb5210ff0922

  • SSDEEP

    3072:H0FcokNlIts/eEieyYr5czW2BmQ6GEq03IviP:H05WJWE+hS2h0IviP

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2460
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {181D773D-D94E-4E00-812B-4649F180821C} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\PROGRA~3\Mozilla\pwhehon.exe
      C:\PROGRA~3\Mozilla\pwhehon.exe -arzwbsb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\pwhehon.exe
    Filesize

    145KB

    MD5

    2d5ddbe651b6d60fa556f095d317b6da

    SHA1

    7fa1b55d28b3fa6686b5e9b4c8b75a6ba8cd1f0c

    SHA256

    2daa9f7b3960a538fcbf36122df334064a0243174511a96894cc53d7f304d1e7

    SHA512

    8121d1298fda3931a73281ba76a1c3c5ac1b4a80368dee3f0a9e8c5f876af056a9b99e3b7fcd00d7a2c8680ad62d640c4c62eae66edb6558b15b11a92e4187a6

    Download Submit

  • C:\PROGRA~3\Mozilla\pwhehon.exe
    Filesize

    145KB

    MD5

    2d5ddbe651b6d60fa556f095d317b6da

    SHA1

    7fa1b55d28b3fa6686b5e9b4c8b75a6ba8cd1f0c

    SHA256

    2daa9f7b3960a538fcbf36122df334064a0243174511a96894cc53d7f304d1e7

    SHA512

    8121d1298fda3931a73281ba76a1c3c5ac1b4a80368dee3f0a9e8c5f876af056a9b99e3b7fcd00d7a2c8680ad62d640c4c62eae66edb6558b15b11a92e4187a6

    Download Submit

  • memory/2460-0-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2460-2-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2460-1-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2460-4-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2460-7-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-10-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-12-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-11-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-16-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download