dfa1a46d34856fa0d06b6c6bf7581439f88342b4e80d2e12f71069873a66b955

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12-11-2023 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.128776e83e3d08a07d4572513867d950.exe
Size

220KB
MD5

128776e83e3d08a07d4572513867d950
SHA1

abba4635064e8a8814bbd8a04341437741ef9cac
SHA256

dfa1a46d34856fa0d06b6c6bf7581439f88342b4e80d2e12f71069873a66b955
SHA512

e3bbac6401f02857f5a615cc2451cd54f84393a81f19d6badb1d5d9975416591c01f695ebf90ed2b6ebf4f8c7f4a90e1059a812f550b78d77f07e835c1e197d6
SSDEEP

3072:6e7WpXR9B3NZWGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2Fr:Rqz9ZNoShcHUaV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2080	_cpack.exe
1508	Zombie.exe

Loads dropped DLL 3 IoCs

pid	Process
1940	NEAS.128776e83e3d08a07d4572513867d950.exe
1940	NEAS.128776e83e3d08a07d4572513867d950.exe
1940	NEAS.128776e83e3d08a07d4572513867d950.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	NEAS.128776e83e3d08a07d4572513867d950.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	NEAS.128776e83e3d08a07d4572513867d950.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2080	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	29
PID 1940 wrote to memory of 2080	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	29
PID 1940 wrote to memory of 2080	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	29
PID 1940 wrote to memory of 2080	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	29
PID 1940 wrote to memory of 1508	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	28
PID 1940 wrote to memory of 1508	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	28
PID 1940 wrote to memory of 1508	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	28
PID 1940 wrote to memory of 1508	1940	NEAS.128776e83e3d08a07d4572513867d950.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.128776e83e3d08a07d4572513867d950.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.128776e83e3d08a07d4572513867d950.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Users\Admin\AppData\Local\Temp\_cpack.exe
  "_cpack.exe"
  2⤵
  - Executes dropped EXE
  PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2084844033-2744876406-2053742436-1000\desktop.ini.tmp

Filesize
81KB

MD5
23afc607c1cef512d7a75c16241a6ee5

SHA1
b11fdb683a2b8b117ad1af4a1b43ec08a17198fa

SHA256
5ac22207c22a67fe41e0127896f499ca4b23aabe1adb877598c868773b184142

SHA512
2bf5f700b90c3fcb6449b38fda13d4c01d54ba8299a991e9d0aaa4843c0c0ee6f4173c41c5e10842ebddb2033d66dc2b8844f37e567de9a4901ed5f1334956a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_cpack.exe

Filesize
140KB

MD5
caad373422b474737f4d76fb82379581

SHA1
6804be1ae8bfd3858e0053915f75d4b611790bc5

SHA256
22c0d54e96431ebae4d40546f4efe6af61d1a9644710f93dc32ec2ca6cf2ba75

SHA512
dbaba0bc94aaeddb9811b0b9fd923f763ef8c7e290153e21e295230fdbe9c683dbf0b096eda3a3eb06e4ff9733cb3e9906737a1b5ee8e6af034680c198b95dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_cpack.exe

Filesize
140KB

MD5
caad373422b474737f4d76fb82379581

SHA1
6804be1ae8bfd3858e0053915f75d4b611790bc5

SHA256
22c0d54e96431ebae4d40546f4efe6af61d1a9644710f93dc32ec2ca6cf2ba75

SHA512
dbaba0bc94aaeddb9811b0b9fd923f763ef8c7e290153e21e295230fdbe9c683dbf0b096eda3a3eb06e4ff9733cb3e9906737a1b5ee8e6af034680c198b95dd5

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
80KB

MD5
327fae54b25f17c89886114f5f3d64c9

SHA1
77664a47aed46d07260a17d2792be5ff9166e1f4

SHA256
e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

SHA512
a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
80KB

MD5
327fae54b25f17c89886114f5f3d64c9

SHA1
77664a47aed46d07260a17d2792be5ff9166e1f4

SHA256
e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

SHA512
a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
80KB

MD5
327fae54b25f17c89886114f5f3d64c9

SHA1
77664a47aed46d07260a17d2792be5ff9166e1f4

SHA256
e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

SHA512
a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

Download Submit
\Users\Admin\AppData\Local\Temp\_cpack.exe

Filesize
140KB

MD5
caad373422b474737f4d76fb82379581

SHA1
6804be1ae8bfd3858e0053915f75d4b611790bc5

SHA256
22c0d54e96431ebae4d40546f4efe6af61d1a9644710f93dc32ec2ca6cf2ba75

SHA512
dbaba0bc94aaeddb9811b0b9fd923f763ef8c7e290153e21e295230fdbe9c683dbf0b096eda3a3eb06e4ff9733cb3e9906737a1b5ee8e6af034680c198b95dd5

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
80KB

MD5
327fae54b25f17c89886114f5f3d64c9

SHA1
77664a47aed46d07260a17d2792be5ff9166e1f4

SHA256
e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

SHA512
a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
80KB

MD5
327fae54b25f17c89886114f5f3d64c9

SHA1
77664a47aed46d07260a17d2792be5ff9166e1f4

SHA256
e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

SHA512
a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

Download Submit
memory/2080-19-0x0000000000C40000-0x0000000000C68000-memory.dmp

Filesize
160KB

Download
memory/2080-20-0x000007FEF6140000-0x000007FEF6B2C000-memory.dmp

Filesize
9.9MB

Download
memory/2080-27-0x000007FEF6140000-0x000007FEF6B2C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads