492f534c424a9ae061a87decbfc36f98cbc78c86a0eedf34783dab5bd5dc3c0f

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1e835ba7ad110ecf49806efc820067a0.exe
Size

887KB
MD5

1e835ba7ad110ecf49806efc820067a0
SHA1

b6940c36c46b058737709694c22bdc2915d95290
SHA256

492f534c424a9ae061a87decbfc36f98cbc78c86a0eedf34783dab5bd5dc3c0f
SHA512

f4e32e991fb1fbd2dea275830ff96e7a245fd9c1f7c60a619e3b8d21f3d6a679388be4e991d1ffa003549d7b270d45997e116666d8369cef8cb3b4e6d8ef72b9
SSDEEP

6144:nSsGF15F2SA+THG3uEagqzgNTZy8o/Ltzzq/MMPwABbxxJa/YESN:nJGFR2/+SeEagxdZkGPjVDa/ZSN

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Executes dropped EXE 1 IoCs

pid	Process
2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Loads dropped DLL 4 IoCs

pid	Process
2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	2520	WerFault.exe	28

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2520	2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	28
PID 2268 wrote to memory of 2520	2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	28
PID 2268 wrote to memory of 2520	2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	28
PID 2268 wrote to memory of 2520	2268	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	28
PID 2520 wrote to memory of 1316	2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	29
PID 2520 wrote to memory of 1316	2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	29
PID 2520 wrote to memory of 1316	2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	29
PID 2520 wrote to memory of 1316	2520	NEAS.1e835ba7ad110ecf49806efc820067a0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Filesize
887KB

MD5
fa493613624b95072041b3c819d24ae5

SHA1
3427f26c2d69f12ee46208b1750a91f7eb5775d1

SHA256
2e57d88f68ac6416d3040c7e9bf7e8ee94ccb740ba1114786937694766f6d2b3

SHA512
45600a332a22cbc1620a1c2840b5a410b97032c8ffed2a3679d93190284ad6633236558f98c88ec2bdd992de5170c01c6c2e2020b49d8330cdbd9c20b9e9c94a

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Filesize
887KB

MD5
fa493613624b95072041b3c819d24ae5

SHA1
3427f26c2d69f12ee46208b1750a91f7eb5775d1

SHA256
2e57d88f68ac6416d3040c7e9bf7e8ee94ccb740ba1114786937694766f6d2b3

SHA512
45600a332a22cbc1620a1c2840b5a410b97032c8ffed2a3679d93190284ad6633236558f98c88ec2bdd992de5170c01c6c2e2020b49d8330cdbd9c20b9e9c94a

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Filesize
887KB

MD5
fa493613624b95072041b3c819d24ae5

SHA1
3427f26c2d69f12ee46208b1750a91f7eb5775d1

SHA256
2e57d88f68ac6416d3040c7e9bf7e8ee94ccb740ba1114786937694766f6d2b3

SHA512
45600a332a22cbc1620a1c2840b5a410b97032c8ffed2a3679d93190284ad6633236558f98c88ec2bdd992de5170c01c6c2e2020b49d8330cdbd9c20b9e9c94a

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Filesize
887KB

MD5
fa493613624b95072041b3c819d24ae5

SHA1
3427f26c2d69f12ee46208b1750a91f7eb5775d1

SHA256
2e57d88f68ac6416d3040c7e9bf7e8ee94ccb740ba1114786937694766f6d2b3

SHA512
45600a332a22cbc1620a1c2840b5a410b97032c8ffed2a3679d93190284ad6633236558f98c88ec2bdd992de5170c01c6c2e2020b49d8330cdbd9c20b9e9c94a

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1e835ba7ad110ecf49806efc820067a0.exe

Filesize
887KB

MD5
fa493613624b95072041b3c819d24ae5

SHA1
3427f26c2d69f12ee46208b1750a91f7eb5775d1

SHA256
2e57d88f68ac6416d3040c7e9bf7e8ee94ccb740ba1114786937694766f6d2b3

SHA512
45600a332a22cbc1620a1c2840b5a410b97032c8ffed2a3679d93190284ad6633236558f98c88ec2bdd992de5170c01c6c2e2020b49d8330cdbd9c20b9e9c94a

Download Submit
memory/2268-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2268-13-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2520-8-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2520-9-0x0000000002EB0000-0x0000000002F9D000-memory.dmp

Filesize
948KB

Download
memory/2520-14-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download