Overview

overview

8

Static

static

7

NEAS.62828...c0.exe

windows7-x64

8

NEAS.62828...c0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 08:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.62828b438f35b449819b29d29f8457c0.exe

  • Size

    1.3MB

  • MD5

    62828b438f35b449819b29d29f8457c0

  • SHA1

    442a5a1f7dd396ed02af1a396773a4a87f45c6e4

  • SHA256

    1e6e3b684837e4bcb00014d93f50482617ee791b5edaff27c7ddca0d75d06c3d

  • SHA512

    7a85094b86cf1355ad5038920d76e4bd838f6caca3a16b43e2adb2a7ad271e80d4cfc1aedb33e51492870776331dc49dd9378370a4cd96365c8519c96b7234aa

  • SSDEEP

    24576:Qak/7Nk4RZuqKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/uZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.62828b438f35b449819b29d29f8457c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.62828b438f35b449819b29d29f8457c0.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\AppData\Local\Temp\NEAS.62828b438f35b449819b29d29f8457c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.62828b438f35b449819b29d29f8457c0.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2532

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          51f86b01b91d128a95ba830c0ae6f868

          SHA1

          8f9acee98a8366046e1fff489511b7faea5bb412

          SHA256

          720523ebb95b3f0b562ea8ee855799dad6a2a706f477f8520f7a62fa0c5d47bc

          SHA512

          5d78327f3364b2a956f0519077b8528d15bec6d424d9d054e3ce070cec54105f9867c8f9569db9a18ae29db769a9f39990abfe66f755c9e78a30999a3941cd4c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          26302ba5281af9dfa749273a75f27063

          SHA1

          00b62a551f912afda82a45ee8a15f9c02d92e673

          SHA256

          2ba461a1988535eec2dcde6ef5a08858894d150399eb4ac347cc6ef5b1b91e00

          SHA512

          da1f2b996f78dcdc699d3adc48531f26bd3b2885efcf7adaa3366fedf888fbc6d8455c24dd0aaa37483faae6d9b85854be99256ef8a8c5901515c21a982d3958

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          11a767bbe9e5d57ae887c17ea70eef2a

          SHA1

          36744e07b9b239d214eccdd89220eed827403ec1

          SHA256

          6b818a1f13497333057bc1d7889bc548bc157558183e90fd3fdc0d4f1e0ffdd6

          SHA512

          c376de2112e4493a2758e32c3eca9d59f38966f63b7daf7f2ab3cbdcf0eb2bebc26bc0e81045b6e00d11b05a226777d70dcffb7d5118c25d56783fdb1c07f6e0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e7016bd13f6fc4460cdb79f721bb0a94

          SHA1

          ebbc50237bcf2acb1cc30dd22c00bed263053967

          SHA256

          174f5ad675b8409f39c89b93e3d96ddc071a7a49310244710289c73584004a61

          SHA512

          a47291e405e175f3d1323b995210a8f5235aa807d6f115908ecd2cc7df7361df9b7877bb0ffd6615226ea7a4c702368cc53eda739e6efcf9c1dad9e5509f919d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e7016bd13f6fc4460cdb79f721bb0a94

          SHA1

          ebbc50237bcf2acb1cc30dd22c00bed263053967

          SHA256

          174f5ad675b8409f39c89b93e3d96ddc071a7a49310244710289c73584004a61

          SHA512

          a47291e405e175f3d1323b995210a8f5235aa807d6f115908ecd2cc7df7361df9b7877bb0ffd6615226ea7a4c702368cc53eda739e6efcf9c1dad9e5509f919d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          35e385103a78e78b2cc2f7ace441bf58

          SHA1

          10505a5ca1b2bcc64bdeff181612e748cf6c0e73

          SHA256

          d243c985419aa0ef56c4bce5fc02756c0099eff3643567c4760dd4579acee745

          SHA512

          9c3030c5d5553206db06a827246fb74ce8a5471663788938c5170e9a7ba27b95f9306d65bcfac5c7b21f54761ccf278bd571b7f0163767bdb9a59b893242e64f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f539c06e3a57d8b81849aaaa246a7d3f

          SHA1

          f41fdb6dd5ea4e64805e3993ece1bf5e745a37c6

          SHA256

          cd953381fc778761da309add42c4c410db6fea3eb302550850c5c95a7119ad87

          SHA512

          686f604d638021b3d1da4d54a357ba4ff165fd630bdfb743cbdcf544d6b5110aae3d5bddb182fda9ae6d03ccaeed8be45845845fe219cf650e0ec6ba01bd9734

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5f4cbfbf29fb26f9a1a836163410b7ec

          SHA1

          b45d04ae86aaec72ffa651befae063681e0361a1

          SHA256

          b4f3431535ba4040a19db2458d950be7cd42ff306a92e5f894e9973ac2605652

          SHA512

          3f99bde578bf0b8ac9d4cfe0f1d7178e6a36302e81df96c35d51a81c4e55e89bac77c331f582f5554ed13788e456ed6949ec284bb88966129f8471721f3b1438

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b485f6efabb93f10c255dc0eac677e40

          SHA1

          086e0e4fe000b45dedaf00a3d316d0a3e1b78c6c

          SHA256

          ffeac59d68945654a5b5223ea53e520e380c5da71f71f5fffa261fa1798f30a8

          SHA512

          01867080f251faa4a646374b5b11a56b50380c581db12113f0d0dd5c010e94256d22d42074749db42c587a59660e7327a34f584fc541644cd83ec2500406761f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2db5ab015ce6c757d94e50037571fd69

          SHA1

          4a43af20b2371ff986d13cb351bd5a24b9c637cb

          SHA256

          56d21db45621197234bf3be1fa013c7c8e04da376a695dcbb3cd51ef9fc70795

          SHA512

          34041852f39abaa4b8bd93de092478dbd5135207bcf95a76e2db4e548efc8e70b98b84972e5e6ca582e114ad6c4b23f2d164268e3e35586e43064be6be4467d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2e1c37e649296fa5683f6735ace3dd8e

          SHA1

          f2e8355f19afd814d33fe3816f2dfaeb58928c79

          SHA256

          bae491c4aff4264075e497949216e90c1ad55e55b1012e8bbb1914437d4fe96b

          SHA512

          0c4399dc64a280ec3f4ab341907dae667d3430000ec65fba9864e8c989582d1b70ca02e81581fa4c9204478ee8edfbf9d751328e626585631e3f0e6cda9d8da5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aeb7c3babfc4385e1da2a8676c4a87f4

          SHA1

          5e75696df2fd74ad82f011a7d8fecea0db2e013e

          SHA256

          1ca56e5fd1c8e89d29f0c5c7ed44759036d004806a819fe077a245e09a6c14af

          SHA512

          e8a0e3d27acb21c42094e5ad196db5eb999151af61144ced9763248235fee173f53b3a75b6b593abfdbd4f50b57d35d098de9e54210fe5e456c898591fa2f3bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8d9e16e0f0281f102d7022a53c2af008

          SHA1

          6c87e65c70945dedbfe3123ca27fde3d082eb3f1

          SHA256

          1cf31e1e7dbde2985ac340fbb94574d5e3473bf9778897a4097c0895d4a7d0fb

          SHA512

          f477021d261cfcad1774ccea53e6cd7a5dde27d9c1077b4ca22f0ce5b5e536c940d874f29901cf041a46b4f3807aebb6ff5b5b4f350cf6296442c91753b1ef5a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3aedc766de09ff68b8b59768d96686fb

          SHA1

          8325180147a255b184591d750c8efd6f0ace855c

          SHA256

          45e7efaf43d9faa3bb82cb85fcdb8d3b7c7a0ac22895edb80a15679c4787939f

          SHA512

          a7a276e63220042f94c1e776997c62c10ee60ada75f1d6337901a86aaa4d9e43d922713791273ec93837a2192e13f68d9f929a54455665d2fdbe656f73d21e3a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          29057630d67c8845d813be00ebc6dcae

          SHA1

          13b2b346ae14b43e1a72dc5e95726ac8ea7a2026

          SHA256

          5f534a3702aa84b969aeb0030e4aa72a292684e82144dc80bd1be7845035601d

          SHA512

          bf1ff7e977fe750750ec06c826ed4f5d9820368cb9d348ddf9c7b984b3543d832fc3fca4396ed805552846269cbd4076c7e524647397d328cf3b50f8301f5239

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aa72d3884199c15cf4b3508bfffd63de

          SHA1

          07cb2935869337b48dd0684bb44731281522aced

          SHA256

          7abf8b7ca99cec4436d2db406b95346cc380a1b2f263b711a20c9bc93b5e1c05

          SHA512

          18e50e63c86aa341aee8464ccb3234124351c49a064f9a8b0c96a3bd177f3bcb4d7aa04ea210e3b67c4f457350d8996861e75130766005486c7fddf9f1697f9c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          134834516beb5f29179525205aa7b4ed

          SHA1

          3b45aac4b14fdc235780541e568e3d62e08a377d

          SHA256

          392c67d6257dbdbc4a3476512fbfe6fc6c6b6dcf2e3e8bb9903365a5e1b36aa8

          SHA512

          86e9738fb74a5ee7fe48d2ed9f84a299c4301d744528bc5f67eccac97f57b753f55e580e0a31a0c5c818611337a7171f736bb81e933acf18cc0520bb6e88064d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4a00e5f2c730563cef74b2da32907e92

          SHA1

          56e127c712c6da32ae4a380258b0fb93aeadea38

          SHA256

          16ac68a94ab2a1ec8897969390765dd7d894950d7e75977e050e1077fb58eaeb

          SHA512

          10bee18c04b33cdaf835fd903b59acfe54fe865aa19c0eceead2311cb27b04e363bd08525449862583fba3d29f93c01e04d8f853fb471c0f7e74c6974f183859

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabAC38.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarACE8.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit

        • memory/2516-5-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2516-8-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2516-1-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2516-2-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2516-3-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2516-4-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2516-0-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-12-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3060-20-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-7-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-10-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-6-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-11-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-9-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-15-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-16-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3060-17-0x0000000000400000-0x00000000006A6000-memory.dmp

          Filesize

          2.6MB

          Download