Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
15/11/2023, 01:14
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe
-
Size
200KB
-
MD5
a10b99f3098986f1c7fab84ab000d5c0
-
SHA1
3fe10ad2e426e38e0231d856e2ce864d8988bb5c
-
SHA256
9496ec23a33b546888ae5cfd2dfa0460aba9d32b225ecb5159c25564a22633b3
-
SHA512
89719c81923fc15c9629ed76108bb3dbc274525662c295fd9eedc8140769a39200156dec11e3dd5867f4f12ab90076d25cc2054704676173465f168c9621b668
-
SSDEEP
3072:xpML+sLi9YCM3Ji+nx/x7yuOW6zDXxhktTBsYzQzaMuEPguUYGXgUB7u:DmVO965i+nxZ7yuOl0tTKPXuZudG1B7u
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2292 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe -
Executes dropped EXE 1 IoCs
pid Process 2292 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe -
Loads dropped DLL 1 IoCs
pid Process 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2292 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2508 wrote to memory of 2292 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe 29
PID 2508 wrote to memory of 2292 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe 29
PID 2508 wrote to memory of 2292 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe 29
PID 2508 wrote to memory of 2292 2508 NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe "C:\Users\Admin\AppData\Local\Temp\NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a10b99f3098986f1c7fab84ab000d5c0.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2292
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
200KB
MD5 a47fede79889e9f2059f1de05c144a00
SHA1 d70f8bcc11d11f571ad34718516d366467a4fe68
SHA256 44aa30835f135e8b9158c55ff9926a1e03b9838daeee212b9eb621aeb767d766
SHA512 a9d9fae74aad268248e8b22851bfb0715030c9d991eb8301b9c519136359ea29022edce43b32d059d8e8d0c2de948896a1fda1cad55c299a925ac16a10b45c34