5fc572c04945a3b9e21dcf4a52f4cceffedc437b151a9fb882220b8cec24f598

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12-11-2023 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.efa1c7b0dce7449656023413e84161b0.exe
Size

37KB
MD5

efa1c7b0dce7449656023413e84161b0
SHA1

b002f8fb908685489ec883d6a33f65264d41e0c8
SHA256

5fc572c04945a3b9e21dcf4a52f4cceffedc437b151a9fb882220b8cec24f598
SHA512

a77057c3586ec3b3a371f038bc39b4f710c222fbccedcdf0711cbb9ab2e296eb996521cd0956544ce6646cce042f1e6df23efda577ab39403a837b20f0a00793
SSDEEP

768:cSPMaRx4WOz2olOPQOl23aeh23J8ar9SUDWT0H5qHS6zG9VBuUJRnyab:jMaAWOz2YOFw3ae4ptaq5qHSlTBuTab

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2136	Un_A.exe

Loads dropped DLL 1 IoCs

pid	Process
1612	NEAS.efa1c7b0dce7449656023413e84161b0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2136	Un_A.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2136	1612	NEAS.efa1c7b0dce7449656023413e84161b0.exe	21
PID 1612 wrote to memory of 2136	1612	NEAS.efa1c7b0dce7449656023413e84161b0.exe	21
PID 1612 wrote to memory of 2136	1612	NEAS.efa1c7b0dce7449656023413e84161b0.exe	21
PID 1612 wrote to memory of 2136	1612	NEAS.efa1c7b0dce7449656023413e84161b0.exe	21

C:\Users\Admin\AppData\Local\Temp\NEAS.efa1c7b0dce7449656023413e84161b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.efa1c7b0dce7449656023413e84161b0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
37KB

MD5
efa1c7b0dce7449656023413e84161b0

SHA1
b002f8fb908685489ec883d6a33f65264d41e0c8

SHA256
5fc572c04945a3b9e21dcf4a52f4cceffedc437b151a9fb882220b8cec24f598

SHA512
a77057c3586ec3b3a371f038bc39b4f710c222fbccedcdf0711cbb9ab2e296eb996521cd0956544ce6646cce042f1e6df23efda577ab39403a837b20f0a00793

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
37KB

MD5
efa1c7b0dce7449656023413e84161b0

SHA1
b002f8fb908685489ec883d6a33f65264d41e0c8

SHA256
5fc572c04945a3b9e21dcf4a52f4cceffedc437b151a9fb882220b8cec24f598

SHA512
a77057c3586ec3b3a371f038bc39b4f710c222fbccedcdf0711cbb9ab2e296eb996521cd0956544ce6646cce042f1e6df23efda577ab39403a837b20f0a00793

Download Submit
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
37KB

MD5
efa1c7b0dce7449656023413e84161b0

SHA1
b002f8fb908685489ec883d6a33f65264d41e0c8

SHA256
5fc572c04945a3b9e21dcf4a52f4cceffedc437b151a9fb882220b8cec24f598

SHA512
a77057c3586ec3b3a371f038bc39b4f710c222fbccedcdf0711cbb9ab2e296eb996521cd0956544ce6646cce042f1e6df23efda577ab39403a837b20f0a00793

Download Submit