5ec5b9801bdf2f1b5d6b8e06d2356e8e161fbfd44caabdc83abb0a5b24a8d565

Analysis

max time kernel
133s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
Size

1.5MB
MD5

460d8ec6e3ebe92513320b5a86a838b0
SHA1

e60c3c85d9bdf61577aab1c6330f240ea72b5e84
SHA256

5ec5b9801bdf2f1b5d6b8e06d2356e8e161fbfd44caabdc83abb0a5b24a8d565
SHA512

d1b26e3d6945b5a71ee6d2ca397bc9afa7dcc99ca78f4baa01a638fa5a52892c10d2dbe71b920a34fe1ad43635d91c753c0c1a4369bc885079ff95227549204f
SSDEEP

3072:AZUWlN3tGXRvjxCb5NgXDY7uSlkJcUa7kYQTcqW2NdQQGH/UDhSCUc4aqTBRwdp/:YFAlKgzelZNQSBQGH/CSpWqTXO

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\O:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\E:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\I:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\J:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\K:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\G:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\H:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\L:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened (read-only)	\??\M:	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe

Drops file in Program Files directory 43 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7z.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX47FD.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\7-Zip\7z.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3C3A.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3D08.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3D09.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A14.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4B40.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4B71.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\7-Zip\7z.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3C1A.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX3F8C.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\7-Zip\7zFM.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\7-Zip\7zFM.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX429B.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4B2F.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4B60.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX46D3.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\7z.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3CE7.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A13.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\RCX3CF7.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX3F7B.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX45D8.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File created	C:\Program Files\readme.1xt	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX41DE.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX485C.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A03.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4AF0.tmp	NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5072	4708	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.460d8ec6e3ebe92513320b5a86a838b0.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
PID:4708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 836
  2⤵
  - Program crash
  PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4708 -ip 4708
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.5MB

MD5
5075abdc385ad49e075a024f38b101b4

SHA1
c4e07583e9f3f1ba61a4535559bbd1032354f66a

SHA256
ddb3ea04a8688a8eff486baed88b5ffd46a21d7da2a7ece0cb82ab8520e0593a

SHA512
28834a4b21e9ab2246314181ea4aa11afd87fd4ddb29f78483bbcee69076a289c1811e85bb5bcdbb0699d79c041bf73435978402083aad03d66e036ed213891e

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
847KB

MD5
c8f40f25f783a52262bdaedeb5555427

SHA1
e45e198607c8d7398745baa71780e3e7a2f6deca

SHA256
e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

SHA512
f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab

Filesize
281KB

MD5
3dc3594fb3b25c55081fe4b3226abbc2

SHA1
7eaddfd597fc76244f71f98877f7149c9e85dc9e

SHA256
6d54694077faf07473196da7b7f1c6981c8ad6a462fcea4777a80cfc6bc5769e

SHA512
8f268673c86e2c38d1713696ed25b75a565d8beb5b05ea755c9cbb12f625b8d4abfc1bb3f9f54c297ba4bd7dd9e465737c30f492aaef0034b0e1568ce13d2445

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
289KB

MD5
e6bc184224820d60db2d8a2ca0e8a7e4

SHA1
4584aa1b4a9bfae459a455fe34483a54456c47ef

SHA256
740e4fb3fe3e2976ca8dc529058c7ae4521ccb5d3000212e0d6c15ce393be864

SHA512
6ee4be19b224e60ff3301c0135c7f2f9b56666459be1df67b0e2762228b64891a5fbb75b5ad160772dde7ab53cb90e0155d819e99845d94edb3f909dc81f2260

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX3F7B.tmp

Filesize
1.5MB

MD5
6b7415abdd8004050b5694db1c47b456

SHA1
d19e268e6f7e6984cddfa63762a3bc1655631a6c

SHA256
f0a5cd4d70d2b0855c151586d1c4fb645cff0f7538dcb3674c42c25831e2ee23

SHA512
28603fced301e85e7eed231d363f7cfaf893837b178616db47fcc95f30493671a9bc73babb3d12208a46e9fd025fd0745a236274e6feed4676883c91e505e136

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab

Filesize
2.1MB

MD5
b8d69fa2755c3ab1f12f8866a8e2a4f7

SHA1
8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

SHA256
7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

SHA512
5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

Download Submit
C:\Program Files\Google\Chrome\Application\RCX4A03.tmp

Filesize
252KB

MD5
633744a3a5ef1ea84b69f504a29a246f

SHA1
82de19178d97ebf8d5f8909980e96bd672b602c4

SHA256
36240343b4bf0559f9b3a6e883965a50ad217d02d362b56ce985dcac8be0f29f

SHA512
8aece86f5339014318f5dc837158780198918a0a6fbb84d7b57d0d67186a2e5417c0261b5c8bb75be69cce44a980c95790d0a19c53b94cccffe266be8519eb80

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.cab

Filesize
2.8MB

MD5
095092f4e746810c5829038d48afd55a

SHA1
246eb3d41194dddc826049bbafeb6fc522ec044a

SHA256
2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

SHA512
7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

Download Submit