Overview

overview

7

Static

static

3

NEAS.76f50...e0.exe

windows7-x64

7

NEAS.76f50...e0.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2023 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.76f50a19ce4e2b11ab0173c8e41c5ae0.exe

  • Size

    124KB

  • MD5

    76f50a19ce4e2b11ab0173c8e41c5ae0

  • SHA1

    635a621fdbba5b9919f4efa0b345bb9fb827c9de

  • SHA256

    42879c5becde13286bc051146fab9cdeea9bf2691eed2e4f22376a51542a29b7

  • SHA512

    743622da16bdd1ec9d46f240c7c730c251707e721cc5cbc28cc09a99c388339eac5be62146d775668d055274d459c56de836e49ae07e64096d44f8985e711826

  • SSDEEP

    3072:MU+W+qNo3e9Sy/9sWWWjG7PLFs2Woz6m0G:L+WJ9SSlGrLFs2R

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 15 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1184
      • C:\Users\Admin\AppData\Local\Temp\NEAS.76f50a19ce4e2b11ab0173c8e41c5ae0.exe
        "C:\Users\Admin\AppData\Local\Temp\NEAS.76f50a19ce4e2b11ab0173c8e41c5ae0.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1916
        • C:\Users\Admin\AppData\Local\Temp\NEAS.76f50a19ce4e2b11ab0173c8e41c5ae0.exe
          "C:\Users\Admin\AppData\Local\Temp\NEAS.76f50a19ce4e2b11ab0173c8e41c5ae0.exe"
          3⤵
            PID:2060

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
        Filesize

        150KB

        MD5

        16d2a23a355a6d7d3f38797b9546681e

        SHA1

        24dc2ced9c5aa5d4140341c5ae2d54185d0a8961

        SHA256

        a78379df6adb7f3e86cd4f16a2d4e61abcae3d05faaee8d884e74730befdc82c

        SHA512

        fa37f2c21f0b355c76a4da4a520654334572ac077235e1abd7ad52fb22a47c35a3cfa10dbf542bea4f1b3bb9fa8bbdcf6181c27fba93e4c6816de91bf6bdbd06

        Download Submit

      • memory/1184-1-0x0000000002A00000-0x0000000002A01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1184-3-0x0000000002A00000-0x0000000002A01000-memory.dmp

        Filesize

        4KB

        Download