Overview

overview

9

Static

static

3

NEAS.24038...50.exe

windows7-x64

7

NEAS.24038...50.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    156s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/11/2023, 08:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe

  • Size

    700KB

  • MD5

    2403818fc0fcfbfe3e58e729eacdfd50

  • SHA1

    66380c1b5dc72b4f7de17e26b6e4f6caf99a56cf

  • SHA256

    e0d3f82b88ac429f7d88c2ec3afc3a45a43986daeb60dfb8ed718ba14f5182dd

  • SHA512

    35a3c306bf0bf42c4e8f2e28ddc16ec3f1e1126a06a225c39a6041dcce254aca27e570567f3fa53febebfa12602138d1c59f6504e6c2ea2a4aaa1604de0aa19b

  • SSDEEP

    12288:BOVo4A1fgyv8godP1PwPvw2M5ONeJuMqzBDJkk2ERvT8MPAf/O6s:BOVkN2tonZ79MqFDJkxqo4Af/3s

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (985) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2403818fc0fcfbfe3e58e729eacdfd50.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4476
    • C:\Users\Admin\AppData\Local\Temp\_7z.exe
      "_7z.exe"
      2⤵
      • Executes dropped EXE
      PID:3008

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini.exe
          Filesize

          376KB

          MD5

          5abfd27701d76878c138edd172f74c6a

          SHA1

          03a8683045a826b345298fdec5bb20192ebeb936

          SHA256

          5ceda77475509fa2fe00d6c8abb3fe2eca771cf2cabde30a9241b8e0aa6a2077

          SHA512

          1b80e739b89b36dfe93521c2fec11d58eab77fa37f2b55ae8592b0d6fa328c3d28dc73033d81fcd83d2be3204c52dc823f4c640ddae7179e904c984fb0dd5d87

          Download Submit

        • C:\$Recycle.Bin\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini.tmp
          Filesize

          376KB

          MD5

          5abfd27701d76878c138edd172f74c6a

          SHA1

          03a8683045a826b345298fdec5bb20192ebeb936

          SHA256

          5ceda77475509fa2fe00d6c8abb3fe2eca771cf2cabde30a9241b8e0aa6a2077

          SHA512

          1b80e739b89b36dfe93521c2fec11d58eab77fa37f2b55ae8592b0d6fa328c3d28dc73033d81fcd83d2be3204c52dc823f4c640ddae7179e904c984fb0dd5d87

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_7z.exe
          Filesize

          324KB

          MD5

          7187ae605f4dce14bb23ea2623956335

          SHA1

          f7c1df33b875c98f41dcde24117d89d42d25b7ce

          SHA256

          9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e

          SHA512

          f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f

          Download Submit

        • C:\Windows\SysWOW64\Zombie.exe
          Filesize

          376KB

          MD5

          1729dad8bdc82256422546bab492002d

          SHA1

          903eac92d121514ce0d1c078dc79962325b8c0b6

          SHA256

          c7a42850c14be02bb924bc8315de7d17023c18410feb23dff733494785d9e5eb

          SHA512

          d4a968fbd6d43aa7dfab7751aa479fbf0a6fd13c910cc4f0c0bbfc409ff952ac0556d221deec3d000a5475cf34e560e8a36dece99cf7d4a1a0c583f0b7d34453

          Download Submit

        • C:\Windows\SysWOW64\Zombie.exe
          Filesize

          376KB

          MD5

          1729dad8bdc82256422546bab492002d

          SHA1

          903eac92d121514ce0d1c078dc79962325b8c0b6

          SHA256

          c7a42850c14be02bb924bc8315de7d17023c18410feb23dff733494785d9e5eb

          SHA512

          d4a968fbd6d43aa7dfab7751aa479fbf0a6fd13c910cc4f0c0bbfc409ff952ac0556d221deec3d000a5475cf34e560e8a36dece99cf7d4a1a0c583f0b7d34453

          Download Submit