Overview

overview

10

Static

static

3

NEAS.4124e...00.exe

windows7-x64

10

NEAS.4124e...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    210s
  • max time network
    230s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-11-2023 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.4124ecb309aecaad72e04ee68d48b300.exe

  • Size

    135KB

  • MD5

    4124ecb309aecaad72e04ee68d48b300

  • SHA1

    eeead9c39a8cc09b107fdd3159867fe71c0d3233

  • SHA256

    6855231b153d3ca40a5981c0ddce3845bf2896efbe59e2f762f786acc7cd9fe0

  • SHA512

    a8cc34968b3280e9b1ea75a055bb26a25cc0dab69951a40086ecf70da055dcb0f97012ff230cc38b0ac0fc4aa816d288ade18eca1beeb68996a8ca1d616cee33

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbV89:UVqoCl/YgjxEufVU0TbTyDDalS9

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.4124ecb309aecaad72e04ee68d48b300.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4124ecb309aecaad72e04ee68d48b300.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4496
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4092
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1908
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4792
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:3392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize

    135KB

    MD5

    f11d5d9de23c03471fc6902783e10a9e

    SHA1

    aa514ec1afe419ffa8090ff784fe881013f5a6d0

    SHA256

    53bbad316dd72ddc45a530b44956a476da8382e223a21a1d52791ee6a6b55089

    SHA512

    1dae9c87bf45607b26ee36722a8b7721bea5191a9ca3592beef01d1c8c52e5575abef8a3f6a1ac43da64526f5ef5f5187f27d8d16f3c117e8ad4232d30e8bd2d

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0fa994dff3f09b5de0465f1176b90da0

    SHA1

    cc0707e654642641895223f1f43bc93e662f1c5d

    SHA256

    65c99182ad8fc4ef016b033274dd11764be2d323bba40371d674188c526f575d

    SHA512

    27c0da323d7b310baaa977068771756375a5ef000d9ca7f2de45dec5b792ff8e3326e1f4892ddad0a08d6f89e19c741652524492865c8f7e3eda282d98f60d11

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0fa994dff3f09b5de0465f1176b90da0

    SHA1

    cc0707e654642641895223f1f43bc93e662f1c5d

    SHA256

    65c99182ad8fc4ef016b033274dd11764be2d323bba40371d674188c526f575d

    SHA512

    27c0da323d7b310baaa977068771756375a5ef000d9ca7f2de45dec5b792ff8e3326e1f4892ddad0a08d6f89e19c741652524492865c8f7e3eda282d98f60d11

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0fa994dff3f09b5de0465f1176b90da0

    SHA1

    cc0707e654642641895223f1f43bc93e662f1c5d

    SHA256

    65c99182ad8fc4ef016b033274dd11764be2d323bba40371d674188c526f575d

    SHA512

    27c0da323d7b310baaa977068771756375a5ef000d9ca7f2de45dec5b792ff8e3326e1f4892ddad0a08d6f89e19c741652524492865c8f7e3eda282d98f60d11

    Download Submit

  • C:\Windows\Resources\svchost.exe
    Filesize

    135KB

    MD5

    186c77311f345553db2f2059cba47127

    SHA1

    6268451650c09673e96945eef705a1b08eaef10a

    SHA256

    cad4bfa889f118d6e0295cce7b631839d78cf9dc8bf16c9ea013761b3db3954e

    SHA512

    9b3d5bdfe41a8692d9740efbb741fbef6d8abf69fdeeb8c35d4b2e87f7325e87faeed7fa0a0ba5ec0cb0cb42ae4b6445552e40bcdbfdb35cdce2b3916a0f686a

    Download Submit

  • \??\c:\windows\resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0fa994dff3f09b5de0465f1176b90da0

    SHA1

    cc0707e654642641895223f1f43bc93e662f1c5d

    SHA256

    65c99182ad8fc4ef016b033274dd11764be2d323bba40371d674188c526f575d

    SHA512

    27c0da323d7b310baaa977068771756375a5ef000d9ca7f2de45dec5b792ff8e3326e1f4892ddad0a08d6f89e19c741652524492865c8f7e3eda282d98f60d11

    Download Submit

  • \??\c:\windows\resources\svchost.exe
    Filesize

    135KB

    MD5

    186c77311f345553db2f2059cba47127

    SHA1

    6268451650c09673e96945eef705a1b08eaef10a

    SHA256

    cad4bfa889f118d6e0295cce7b631839d78cf9dc8bf16c9ea013761b3db3954e

    SHA512

    9b3d5bdfe41a8692d9740efbb741fbef6d8abf69fdeeb8c35d4b2e87f7325e87faeed7fa0a0ba5ec0cb0cb42ae4b6445552e40bcdbfdb35cdce2b3916a0f686a

    Download Submit

  • \??\c:\windows\resources\themes\explorer.exe
    Filesize

    135KB

    MD5

    f11d5d9de23c03471fc6902783e10a9e

    SHA1

    aa514ec1afe419ffa8090ff784fe881013f5a6d0

    SHA256

    53bbad316dd72ddc45a530b44956a476da8382e223a21a1d52791ee6a6b55089

    SHA512

    1dae9c87bf45607b26ee36722a8b7721bea5191a9ca3592beef01d1c8c52e5575abef8a3f6a1ac43da64526f5ef5f5187f27d8d16f3c117e8ad4232d30e8bd2d

    Download Submit

  • memory/1908-17-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1908-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3392-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4496-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4496-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download