Analysis

  • max time kernel
    13s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 06:17

General

  • Target

    NEAS.cef0c022ffacd0df644fa31a5aa2bd60.exe

  • Size

    45KB

  • MD5

    cef0c022ffacd0df644fa31a5aa2bd60

  • SHA1

    6e2d4a744b29ad298e3a17e7040253d4dddf220e

  • SHA256

    96f193b9ab2b7a6e3017b80489583486458727d9be86c302669afb2b1972328c

  • SHA512

    06f66c38426d7f8ba2e214a6c973ac1b39c90bbe4156ea5dc22d4279ccdb4564609bd6ae969f6340f289e82b438bafdf4a23b7e6bb3ec014c0926dc2384ce48d

  • SSDEEP

    384:u2T+/jvJ7+gFrJk04OMcYyOVJ9KRqnGTq/yX9k7uaaTiOmCdIniQG61COIV3NhW2:BOZ+gr36q1y/youIMdIniQG61tIVTB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.cef0c022ffacd0df644fa31a5aa2bd60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cef0c022ffacd0df644fa31a5aa2bd60.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Users\Admin\AppData\Local\Temp\comupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\comupdater.exe"
      2⤵
      • Executes dropped EXE
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\comupdater.exe

    Filesize

    46KB

    MD5

    90edf9e5f2e7fadf1e00b1d877605d94

    SHA1

    77dfe1de87476a4d697b3cc17b9e9b420a1c1028

    SHA256

    f327c8bc35b2b6b7cac7aae883c0e2600376b9c96888b99cceca4f992267c81b

    SHA512

    39399f58d5dba8ebd38d1d124ad6678347437f0c1b3d7213458c865836d281f7b59956e6af9f10b76803cf978fefbcbfc4a5087c8688b556183f9ef3e022357a

  • C:\Users\Admin\AppData\Local\Temp\comupdater.exe

    Filesize

    46KB

    MD5

    90edf9e5f2e7fadf1e00b1d877605d94

    SHA1

    77dfe1de87476a4d697b3cc17b9e9b420a1c1028

    SHA256

    f327c8bc35b2b6b7cac7aae883c0e2600376b9c96888b99cceca4f992267c81b

    SHA512

    39399f58d5dba8ebd38d1d124ad6678347437f0c1b3d7213458c865836d281f7b59956e6af9f10b76803cf978fefbcbfc4a5087c8688b556183f9ef3e022357a

  • \Users\Admin\AppData\Local\Temp\comupdater.exe

    Filesize

    46KB

    MD5

    90edf9e5f2e7fadf1e00b1d877605d94

    SHA1

    77dfe1de87476a4d697b3cc17b9e9b420a1c1028

    SHA256

    f327c8bc35b2b6b7cac7aae883c0e2600376b9c96888b99cceca4f992267c81b

    SHA512

    39399f58d5dba8ebd38d1d124ad6678347437f0c1b3d7213458c865836d281f7b59956e6af9f10b76803cf978fefbcbfc4a5087c8688b556183f9ef3e022357a

  • memory/1996-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

  • memory/2308-7-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB