Overview

overview

7

Static

static

3

NEAS.de8d3...a0.exe

windows7-x64

7

NEAS.de8d3...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2023, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.de8d3a63b310c3b588495409a1d158a0.exe

  • Size

    83KB

  • MD5

    de8d3a63b310c3b588495409a1d158a0

  • SHA1

    203ef612ce685a7db6fcae1f1058d7511696a93a

  • SHA256

    96d39975ac48763d89a51915751d03032cc46e3b571688c64a619744709c2e76

  • SHA512

    3aeb17b8826c903dc1cb418f0ddee06652c25699d74ee09a4203f42075e9e9996629371ce8bbcde5f3dc3d7c438d6625a69e97078877655713a8d0221663000a

  • SSDEEP

    1536:TD3szgtn09bnHAKGtVLH1UEdMpkczEwSpTN1XObJ5mu7Jzbvql3SXkaSJAgLez:szgtn097HA1VLHHjczEwStNdObJp7JHh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.de8d3a63b310c3b588495409a1d158a0.exe
    Filesize

    83KB

    MD5

    fbb1e6d5dbd27678638512869c743eb5

    SHA1

    fc4ccd0af2edb3f8d9e10d0c2d3e1b784f3050e5

    SHA256

    15eddf811db39e353a17d2a8b679b1b39228c9157b363521b79f6cc281682446

    SHA512

    03d2a0e45081a4188aebcaca007e51425334a6a1f12bb51126d105abf2373fca9fb9f3e70bee5af7190574ae178122012fe01ae949b1c4bb405d09fa275aa8ec

    Download Submit

  • memory/728-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/728-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/728-21-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/728-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/728-26-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3996-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3996-1-0x00000000000F0000-0x000000000011F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3996-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3996-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download