Overview

overview

7

Static

static

7

NEAS.bee51...40.exe

windows7-x64

7

NEAS.bee51...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/11/2023, 14:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.bee513328d36a9bded5d635d2b7ee440.exe

  • Size

    122KB

  • MD5

    bee513328d36a9bded5d635d2b7ee440

  • SHA1

    6f55fbce05e18f7b43910513d3a29b7d6a752d06

  • SHA256

    c6897b7d6a585b4c21a9f34388bbcd23aaa48c40cc4d70cc8c149a7bdedcd4df

  • SHA512

    e76c9db52df97112fe8d552dfa0cb7275091f0eb74fda1258ea89d77efe8c8dbce869a039a8ca549272f07a256aab6a4c6aade85ad550e694d70feb1078bccd3

  • SSDEEP

    3072:1VHTX8JuEo5MQDIfVJu3YyUFbpI6HDh29u+/3Irel:1Vz7jeXfjuIxkc29u+k8

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.bee513328d36a9bded5d635d2b7ee440.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bee513328d36a9bded5d635d2b7ee440.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Users\Admin\AppData\Local\Temp\NEAS.bee513328d36a9bded5d635d2b7ee440.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.bee513328d36a9bded5d635d2b7ee440.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4584

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\NEAS.bee513328d36a9bded5d635d2b7ee440.exe
          Filesize

          122KB

          MD5

          65d1dbf50583bf652dd77857e7723356

          SHA1

          ad6f632e6082ca5007a3df3e87628ac643c8c44e

          SHA256

          94d96f3cbeb23182ac05cd8bd33260d0481e5e3fad67a2e43d8ba5a6fa822665

          SHA512

          e77da403043c854b8b93dc82cccffd7e4ee8e4dce2850a73a41ac94240703e01b3e3968ee7e40d4ba219697629604828b33d29512b2fc6f4225a6e112d8b7988

          Download Submit

        • memory/1232-0-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/1232-1-0x00000000000E0000-0x00000000000FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1232-2-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/1232-13-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4584-14-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/4584-16-0x00000000000C0000-0x00000000000DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4584-22-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4584-25-0x00000000001D0000-0x00000000001EE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4584-28-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download