Analysis
max time kernel: 138s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/11/2023, 23:23
Static task: static1
Behavioral task: behavioral1
    Sample: NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe
    Resource: win7-20231020-en
Behavioral task: behavioral2
    Sample: NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe
    Resource: win10v2004-20231023-en
General
Target: NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe
Size: 39KB
MD5: 5c3eebe525e894e8c8191bfce2d49d20
SHA1: 323f9ba5b4a5160ce8014f1467914984ab0cf18c
SHA256: 5e7aea9f9a5e88fbe5d1dbd5c4c282d25a0f165348afc2ef583e665491273a4c
SHA512: 0c615de99eb443dd5bb1d99c6485258f0481c16c8a7a32bae10b514ccbd9426427720ecb9eb1165ac45c61ce95534d66f81f3cb16c94284638306e3e726b70d5
SSDEEP: 768:uM4twxo2RrJYypp+e+oJXITSoJduC1ZsQ0D3zHSGiVLuHJRnD6ptl:4axBRlYypb5j8ugsQ0DjLiLuz6ptl
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
    pid     Process
    4632    Un_A.exe
Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
    description                          pid    Process                                      procid_target
    PID 4888 wrote to memory of 4632     4888   NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe    91
    PID 4888 wrote to memory of 4632     4888   NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe    91
    PID 4888 wrote to memory of 4632     4888   NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe    91
Processes
1. C:\Users\Admin\AppData\Local\Temp\NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.5c3eebe525e894e8c8191bfce2d49d20.exe"
   PID: 4888
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      PID: 4632
      Signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 39KB
MD5: 5c3eebe525e894e8c8191bfce2d49d20
SHA1: 323f9ba5b4a5160ce8014f1467914984ab0cf18c
SHA256: 5e7aea9f9a5e88fbe5d1dbd5c4c282d25a0f165348afc2ef583e665491273a4c
SHA512: 0c615de99eb443dd5bb1d99c6485258f0481c16c8a7a32bae10b514ccbd9426427720ecb9eb1165ac45c61ce95534d66f81f3cb16c94284638306e3e726b70d5