Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/11/2023, 08:14

General

  • Target

    NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe

  • Size

    700KB

  • MD5

    2403818fc0fcfbfe3e58e729eacdfd50

  • SHA1

    66380c1b5dc72b4f7de17e26b6e4f6caf99a56cf

  • SHA256

    e0d3f82b88ac429f7d88c2ec3afc3a45a43986daeb60dfb8ed718ba14f5182dd

  • SHA512

    35a3c306bf0bf42c4e8f2e28ddc16ec3f1e1126a06a225c39a6041dcce254aca27e570567f3fa53febebfa12602138d1c59f6504e6c2ea2a4aaa1604de0aa19b

  • SSDEEP

    12288:BOVo4A1fgyv8godP1PwPvw2M5ONeJuMqzBDJkk2ERvT8MPAf/O6s:BOVkN2tonZ79MqFDJkxqo4Af/3s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
        PID:2296
      • C:\Users\Admin\AppData\Local\Temp\_7z.exe
        "_7z.exe"
        2⤵
        • Executes dropped EXE
        PID:1852

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_7z.exe

            Filesize

            324KB

            MD5

            7187ae605f4dce14bb23ea2623956335

            SHA1

            f7c1df33b875c98f41dcde24117d89d42d25b7ce

            SHA256

            9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e

            SHA512

            f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f

          • \Users\Admin\AppData\Local\Temp\_7z.exe

            Filesize

            324KB

            MD5

            7187ae605f4dce14bb23ea2623956335

            SHA1

            f7c1df33b875c98f41dcde24117d89d42d25b7ce

            SHA256

            9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e

            SHA512

            f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f

          • \Windows\SysWOW64\Zombie.exe

            Filesize

            376KB

            MD5

            1729dad8bdc82256422546bab492002d

            SHA1

            903eac92d121514ce0d1c078dc79962325b8c0b6

            SHA256

            c7a42850c14be02bb924bc8315de7d17023c18410feb23dff733494785d9e5eb

            SHA512

            d4a968fbd6d43aa7dfab7751aa479fbf0a6fd13c910cc4f0c0bbfc409ff952ac0556d221deec3d000a5475cf34e560e8a36dece99cf7d4a1a0c583f0b7d34453