b46d96b2cefbd2515006c3b9e245ee48958883166bf0b40842235a91295c58df

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe
Size

18KB
MD5

d1e0c6df79917dc2d8a5c2369114ccf0
SHA1

a964a9db04e16ecc0182ba12f4494ff6fd91e402
SHA256

b46d96b2cefbd2515006c3b9e245ee48958883166bf0b40842235a91295c58df
SHA512

500acd275a502368f0ecba298589868450cad25036df4572f43ba5f1eab9077a2bdcc23387fa7d52133388fc40fae243fdf67aa97e41221893b3f0803546cf3d
SSDEEP

192:SRTQZOwUdXbg2+K+mBPu5wwKqlMJ7/+K+J3QUyqQ8888Lb8+nZ5LfH2kPdi+0J0u:WW5wwhuqL6hwqk4w

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	laszi.exe

Loads dropped DLL 2 IoCs

pid	Process
1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe
1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2360	1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe	28
PID 1180 wrote to memory of 2360	1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe	28
PID 1180 wrote to memory of 2360	1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe	28
PID 1180 wrote to memory of 2360	1180	NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d1e0c6df79917dc2d8a5c2369114ccf0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\laszi.exe
  "C:\Users\Admin\AppData\Local\Temp\laszi.exe"
  2⤵
  - Executes dropped EXE
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\laszi.exe

Filesize
18KB

MD5
3c5980260f0968c423c3ad4a4682e1f8

SHA1
26aa31d0216499c53624644181d31397ff0ed76f

SHA256
c91bc03ba1e5b5284bdb95f93d6ee01d45ecfd0d483c114bfa1ff39f6eaada36

SHA512
845096d5866f5b9dfb1618c62ab42ffd265b89ff354ee1aefffac9145275b811708aa451b637e8c190cb2f30d59cb25e3a8ce76b515a6aebbc8ae40a8f809354

Download Submit
C:\Users\Admin\AppData\Local\Temp\laszi.exe

Filesize
18KB

MD5
3c5980260f0968c423c3ad4a4682e1f8

SHA1
26aa31d0216499c53624644181d31397ff0ed76f

SHA256
c91bc03ba1e5b5284bdb95f93d6ee01d45ecfd0d483c114bfa1ff39f6eaada36

SHA512
845096d5866f5b9dfb1618c62ab42ffd265b89ff354ee1aefffac9145275b811708aa451b637e8c190cb2f30d59cb25e3a8ce76b515a6aebbc8ae40a8f809354

Download Submit
C:\Users\Admin\AppData\Local\Temp\laszi.exe

Filesize
18KB

MD5
3c5980260f0968c423c3ad4a4682e1f8

SHA1
26aa31d0216499c53624644181d31397ff0ed76f

SHA256
c91bc03ba1e5b5284bdb95f93d6ee01d45ecfd0d483c114bfa1ff39f6eaada36

SHA512
845096d5866f5b9dfb1618c62ab42ffd265b89ff354ee1aefffac9145275b811708aa451b637e8c190cb2f30d59cb25e3a8ce76b515a6aebbc8ae40a8f809354

Download Submit
\Users\Admin\AppData\Local\Temp\laszi.exe

Filesize
18KB

MD5
3c5980260f0968c423c3ad4a4682e1f8

SHA1
26aa31d0216499c53624644181d31397ff0ed76f

SHA256
c91bc03ba1e5b5284bdb95f93d6ee01d45ecfd0d483c114bfa1ff39f6eaada36

SHA512
845096d5866f5b9dfb1618c62ab42ffd265b89ff354ee1aefffac9145275b811708aa451b637e8c190cb2f30d59cb25e3a8ce76b515a6aebbc8ae40a8f809354

Download Submit
\Users\Admin\AppData\Local\Temp\laszi.exe

Filesize
18KB

MD5
3c5980260f0968c423c3ad4a4682e1f8

SHA1
26aa31d0216499c53624644181d31397ff0ed76f

SHA256
c91bc03ba1e5b5284bdb95f93d6ee01d45ecfd0d483c114bfa1ff39f6eaada36

SHA512
845096d5866f5b9dfb1618c62ab42ffd265b89ff354ee1aefffac9145275b811708aa451b637e8c190cb2f30d59cb25e3a8ce76b515a6aebbc8ae40a8f809354

Download Submit
memory/1180-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2360-11-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download