Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/11/2023, 04:19

General

  • Target
    NEAS.e859ee6f37ddb9c86e44ee1c7bba2490.exe
  • Size
    222KB
  • MD5
    e859ee6f37ddb9c86e44ee1c7bba2490
  • SHA1
    d5ea7ced6afffa0d9c208705981d6e86e0642d2a
  • SHA256
    f0ee5cd70e07b7f35715d51c4b250795554b49207bf23473c9e6ee6729b5b36f
  • SHA512
    65e835a20b0aafd414522a40fc0f09afe76f313f10396519cf3551a45ebeac60780b9c3c0ce4fa4ead4a85d03c3f5bce7b19d518987ad812849815d3a29e4da7
  • SSDEEP
    3072:dxGcwApj6FHzId1WmJ+UrdoI5iCCWm2x5wa3ny/7LsMaP8Tp:dxxpjAHzId1MUeI4CdRYa3ny/7mP8d

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e859ee6f37ddb9c86e44ee1c7bba2490.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e859ee6f37ddb9c86e44ee1c7bba2490.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2484
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {57F03E36-EFA8-401E-856C-0F48259D9DA3} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\PROGRA~3\Mozilla\zimfrwc.exe
      C:\PROGRA~3\Mozilla\zimfrwc.exe -gtjzibe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2272

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~3\Mozilla\zimfrwc.exe
    Filesize
    222KB
    MD5
    55315539160ea4003f9fb88b2044c984
    SHA1
    9a63528268f36b7d843cbf4dcc633d845c5a3581
    SHA256
    3a2fb241ba45010318bf3235bf59329a9a6976ffec61aff6c3ac795691099afe
    SHA512
    b8a3fd55aa68280e2e51dc5a7ebd171d4c6ff2e3def540a9570d0923f43cd25668bf7536ee54cff0eb8a7151a9f3a3b1fad9a53864fa8498a70fb45ae7126f04

  • memory/2272-7-0x0000000000840000-0x000000000089B000-memory.dmp
    Filesize
    364KB
  • memory/2272-8-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize
    364KB
  • memory/2272-10-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize
    364KB
  • memory/2484-0-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize
    364KB
  • memory/2484-1-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize
    364KB
  • memory/2484-2-0x0000000000260000-0x00000000002BB000-memory.dmp
    Filesize
    364KB
  • memory/2484-4-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize
    364KB