96d39975ac48763d89a51915751d03032cc46e3b571688c64a619744709c2e76

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.de8d3a63b310c3b588495409a1d158a0.exe
Size

83KB
MD5

de8d3a63b310c3b588495409a1d158a0
SHA1

203ef612ce685a7db6fcae1f1058d7511696a93a
SHA256

96d39975ac48763d89a51915751d03032cc46e3b571688c64a619744709c2e76
SHA512

3aeb17b8826c903dc1cb418f0ddee06652c25699d74ee09a4203f42075e9e9996629371ce8bbcde5f3dc3d7c438d6625a69e97078877655713a8d0221663000a
SSDEEP

1536:TD3szgtn09bnHAKGtVLH1UEdMpkczEwSpTN1XObJ5mu7Jzbvql3SXkaSJAgLez:szgtn097HA1VLHHjczEwStNdObJp7JHh

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1340	NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Executes dropped EXE 1 IoCs

pid	Process
1340	NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe
1340	NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1340	2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe	29
PID 2040 wrote to memory of 1340	2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe	29
PID 2040 wrote to memory of 1340	2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe	29
PID 2040 wrote to memory of 1340	2040	NEAS.de8d3a63b310c3b588495409a1d158a0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Filesize
83KB

MD5
96e6a2406de6d32bd9fbd936a600a9b6

SHA1
143dc5797eac7b09c8c9e7bdf7d7429dcfa38f0e

SHA256
6a15a012d1c4ea47454abf143b2d3f19fc68ff25c6da24624458b723d259417d

SHA512
92705b09adfcf06b3eff1e88d997b17821d203345197be95ea033624c004f5c9fa78f82084e44ea85b1315d7d983a9711de58551f04a8c73a4518615074e8719

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Filesize
83KB

MD5
96e6a2406de6d32bd9fbd936a600a9b6

SHA1
143dc5797eac7b09c8c9e7bdf7d7429dcfa38f0e

SHA256
6a15a012d1c4ea47454abf143b2d3f19fc68ff25c6da24624458b723d259417d

SHA512
92705b09adfcf06b3eff1e88d997b17821d203345197be95ea033624c004f5c9fa78f82084e44ea85b1315d7d983a9711de58551f04a8c73a4518615074e8719

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe

Filesize
83KB

MD5
96e6a2406de6d32bd9fbd936a600a9b6

SHA1
143dc5797eac7b09c8c9e7bdf7d7429dcfa38f0e

SHA256
6a15a012d1c4ea47454abf143b2d3f19fc68ff25c6da24624458b723d259417d

SHA512
92705b09adfcf06b3eff1e88d997b17821d203345197be95ea033624c004f5c9fa78f82084e44ea85b1315d7d983a9711de58551f04a8c73a4518615074e8719

Download Submit
memory/1340-16-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1340-19-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/1340-24-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/1340-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1340-29-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2040-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2040-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2040-8-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2040-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download