8f274b8ff3e5304c69ca20d389d2bb4ef3fba63516dfd5d730c3a9c56725fd37

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 19:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe
Size

93KB
MD5

42b1c4c55e0f877370bbbdb1e7077660
SHA1

4920b58838603caa4a96f6c693aada7a20efee2c
SHA256

8f274b8ff3e5304c69ca20d389d2bb4ef3fba63516dfd5d730c3a9c56725fd37
SHA512

01511166d302d9a194977297d1eb5691b00cd5966211ef3b76b6c38a194ae35665dd9bf7e72810374f1a08f2b1bd20eb9f6bf3aedf7b51202c98d552fe0e3193
SSDEEP

1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7v:tiAyLN9qa+oEGrWViJSzIR6JJrWNZN

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1272	WwanSvc.exe

Loads dropped DLL 1 IoCs

pid	Process
2248	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1272	2248	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe	28
PID 2248 wrote to memory of 1272	2248	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe	28
PID 2248 wrote to memory of 1272	2248	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe	28
PID 2248 wrote to memory of 1272	2248	NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.42b1c4c55e0f877370bbbdb1e7077660.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2248
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
c1ba41f1ce5862d8e3ce431d6cd52ec9

SHA1
084a16833860fa0edf11e917b4de7e3c96fc4554

SHA256
f2a7e930ecdd2d43a8c1edf653907500c6a1115fe546c15450fe509cf384c8db

SHA512
2034bd4186953b9c1825659435ab052f59770da4ff13a7ac76473eb7929380231d2c28c6331440cf07885c1ad50d25cc6174d9e7d883cac1825d24aa50638b27

Download Submit
\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
c1ba41f1ce5862d8e3ce431d6cd52ec9

SHA1
084a16833860fa0edf11e917b4de7e3c96fc4554

SHA256
f2a7e930ecdd2d43a8c1edf653907500c6a1115fe546c15450fe509cf384c8db

SHA512
2034bd4186953b9c1825659435ab052f59770da4ff13a7ac76473eb7929380231d2c28c6331440cf07885c1ad50d25cc6174d9e7d883cac1825d24aa50638b27

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads