Analysis

  • max time kernel
    121s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-11-2023 07:55

General

  • Target

    NEAS.668184f3f27a234075b00560493da9e0.exe

  • Size

    7.9MB

  • MD5

    668184f3f27a234075b00560493da9e0

  • SHA1

    88d216d1df9d4edcc15bb6e145f40cfc3c1b16fb

  • SHA256

    66b3f062519afe47bf6d7889d9c895b5ca7297f5c7001de7978f7409cc658788

  • SHA512

    12f692f4d2f55103c18eb8d4792e428d12170506a46065968fcc170e9e8e62938e314be703401881a9d792c3f5629763c3c4767f5c766ca41050129d6152ca93

  • SSDEEP

    98304:RGB/hYIN3eETMNo0uHX/EmB2ot+YUiWZfaWCICN6DbsKk4zMB4kF0c5y9/+pRxE6:RGtN3eETMNoyo+Y0ZftN5o5y9/+pRWd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.668184f3f27a234075b00560493da9e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.668184f3f27a234075b00560493da9e0.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2828

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\mrt4CD8.tmp\KcButton.mfx

    Filesize

    40KB

    MD5

    619af4af177ae18c098c504af34daa46

    SHA1

    9f12e2ac12aa78148d1aba4856999dd47d687562

    SHA256

    7ad7ca933a51bcd7458cd281bb9e7e30badb85c919d25572407e5afb22750f5e

    SHA512

    112914c83fb2fce858a38f96396fd8dd5a0d49797c7b847641d5ac21a254511059fd668943f1963b2ec2812c98fb0f9aca631407d9b80d9a7265ebcfa2cb6f5f

  • \Users\Admin\AppData\Local\Temp\mrt4CD8.tmp\mmf2d3d11.dll

    Filesize

    541KB

    MD5

    839633898178f35f6de0b385b7de0ec7

    SHA1

    5396e52c45954f0953cc8cf2095b122f7353180e

    SHA256

    5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

    SHA512

    b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

  • \Users\Admin\AppData\Local\Temp\mrt4CD8.tmp\mmf2d3d9.dll

    Filesize

    1.5MB

    MD5

    c85bcc9f3049b57aa8ccbb290342ff14

    SHA1

    38f5b81a540f1c995ff8d949702440b70921acc5

    SHA256

    bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

    SHA512

    5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

  • \Users\Admin\AppData\Local\Temp\mrt4CD8.tmp\mmfs2.dll

    Filesize

    768KB

    MD5

    200520e6e8b4d675b77971dfa9fb91b3

    SHA1

    0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

    SHA256

    763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

    SHA512

    8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

  • \Users\Admin\AppData\Local\Temp\mrt4CD8.tmp\mp3flt.sft

    Filesize

    24KB

    MD5

    5bebc3ae0122702b89f9262888d3a393

    SHA1

    064731c0f1d493b5b82921fa78f06e3d1db95284

    SHA256

    81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

    SHA512

    c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1