Overview

overview

7

Static

static

3

NEAS.030f3...d0.exe

windows7-x64

7

NEAS.030f3...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.030f3cc70c121dc2987083ef71d50ed0.exe

  • Size

    483KB

  • MD5

    030f3cc70c121dc2987083ef71d50ed0

  • SHA1

    a53b713b226d56d586a02750a01ed62663086509

  • SHA256

    964addbcadc0065b7857abe39a5d939ae99f82cdf020484b2bce4ec2b9fe75ed

  • SHA512

    7007bed91cd69cba607e2893aa6a418974ba7eeef77f00c5a752219a58e7830a4f514d50760a1f6036cf8811d134e993dddc37927f6a3557eeef7980b9aceb5a

  • SSDEEP

    6144:DWRaLyP7muHusP03zuO4sk08lj5R6WnFNVwhDtHbuKRF7LbPdQ0O6YZ:DfyPauHusmzcTVoRHq0F7VQ0OP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.030f3cc70c121dc2987083ef71d50ed0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.030f3cc70c121dc2987083ef71d50ed0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dfsF00D.tmp
    Filesize

    288KB

    MD5

    de7a388793ee937d6fd8fb0c4811b19d

    SHA1

    a3499ef07a94d90002b3dd19014f902cb4e13f6a

    SHA256

    739a2abb353bd017623269e1d55ab15a5cbf3754e1f9ab42ef33dc49d38152a4

    SHA512

    c8ca33ba2f136d78507b75ae7d11714c5c07cb5e8018bde4d2169b51c4f03f42657698943f1de0784a6e0c593683fc06d1e3047040ef155b5f57055779ccb124

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dfsF00D.tmp
    Filesize

    288KB

    MD5

    de7a388793ee937d6fd8fb0c4811b19d

    SHA1

    a3499ef07a94d90002b3dd19014f902cb4e13f6a

    SHA256

    739a2abb353bd017623269e1d55ab15a5cbf3754e1f9ab42ef33dc49d38152a4

    SHA512

    c8ca33ba2f136d78507b75ae7d11714c5c07cb5e8018bde4d2169b51c4f03f42657698943f1de0784a6e0c593683fc06d1e3047040ef155b5f57055779ccb124

    Download Submit

  • memory/224-10-0x0000000004E10000-0x0000000004E1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/224-11-0x0000000004B20000-0x0000000004B30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/224-6-0x0000000004B20000-0x0000000004B30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/224-7-0x0000000004A20000-0x0000000004A2C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/224-8-0x00000000053C0000-0x0000000005964000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/224-9-0x0000000004D30000-0x0000000004DC2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/224-4-0x0000000004A50000-0x0000000004A9E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/224-5-0x0000000074820000-0x0000000074FD0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/224-12-0x0000000004B20000-0x0000000004B30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/224-13-0x0000000008070000-0x00000000080D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/224-19-0x000000000A380000-0x000000000AB26000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/224-23-0x0000000074820000-0x0000000074FD0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/224-24-0x0000000004B20000-0x0000000004B30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/224-25-0x0000000004B20000-0x0000000004B30000-memory.dmp

    Filesize

    64KB

    Download