Overview

overview

7

Static

static

3

NEAS.ba953...30.exe

windows7-x64

7

NEAS.ba953...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 07:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.ba953f4845c73de8854377caf0b32830.exe

  • Size

    69KB

  • MD5

    ba953f4845c73de8854377caf0b32830

  • SHA1

    7308d4d92fdb7fb5702ca3c6bc56bc62f8717a62

  • SHA256

    a87a851e635d23267b52623e451ef9578f09937c6d22a11b896486348c7a7f13

  • SHA512

    6edf75227e2c95c7b2731973dd3cc3bbee9ae48ea866ce00bee42f16cfdb4e1106063693fcc8ee8aa996c295aae7bf96f142e41bad4a00da21cf5adcb3502f00

  • SSDEEP

    1536:/Ao0+j2d6rnJqlIUSJn3m2GnNCyuaMeFg8kVQ+SvMupWsZZZNF01Lryhv1g1s1Ee:/AoVl4lXin3m2GnNCyuaMeFg8kVQ+Sv1

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ba953f4845c73de8854377caf0b32830.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ba953f4845c73de8854377caf0b32830.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1548
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4628

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          69KB

          MD5

          79b30668450c58ed9f1e3548a2434c88

          SHA1

          6eaeb81e542f58c14cce4ac189fbcd592bce7198

          SHA256

          2183a1673cbdccc76acc0b92e2f71971e97e31662afab54bf3d945a13023ae5b

          SHA512

          28f09b4d922e00639e2e5fa9a52867e22e710e07a589754d60cc1c5b189f8f17cc536d1b42e2a32851c7c2d452940f720a97e6bcdb769d72bf045d68c60aad26

          Download Submit

        • C:\Windows\microsofthelp.exe
          Filesize

          69KB

          MD5

          79b30668450c58ed9f1e3548a2434c88

          SHA1

          6eaeb81e542f58c14cce4ac189fbcd592bce7198

          SHA256

          2183a1673cbdccc76acc0b92e2f71971e97e31662afab54bf3d945a13023ae5b

          SHA512

          28f09b4d922e00639e2e5fa9a52867e22e710e07a589754d60cc1c5b189f8f17cc536d1b42e2a32851c7c2d452940f720a97e6bcdb769d72bf045d68c60aad26

          Download Submit

        • memory/1548-0-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/1548-4-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/4628-6-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download