Overview

overview

8

Static

static

1

NEAS.30741...12.exe

windows7-x64

8

NEAS.30741...12.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2023 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.30741d875486857f817f781a3c668412.exe

  • Size

    50KB

  • MD5

    30741d875486857f817f781a3c668412

  • SHA1

    3bf47ec47e9d37f73643fb3e078cebc22e7549a0

  • SHA256

    7e6f708756e36e9c3075ba5687381c1412cd139ed816d17cc101bf9aa43eafe8

  • SHA512

    5113694da2152c01313abeb157aa4aba5beae99cc67751c298ffc2e8c7b9b0e9a6bf1d0e4e7f1d2f49e70fc2b5e01a08505a94d48d1035df684d2b8bc8091b8c

  • SSDEEP

    768:7akFbk5BoY+cx7x+X0p42nFKRgu5SNF2B3j0mJMkn4LZSxFTk57TA0P9m0D:+kFbk5BoYFUOnUevNMTNn4gFTk57TVcq

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.30741d875486857f817f781a3c668412.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.30741d875486857f817f781a3c668412.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Windows\SysWOW64\reg.exe
      reg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{43E3767C-ABB7-8B02-9403-704B1C3C8C96}" /f
      2⤵
        PID:4704
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\NEAS30~1.EXE > nul
        2⤵
          PID:4444

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2728-0-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2728-1-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2728-2-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2728-3-0x0000000002250000-0x0000000002278000-memory.dmp

        Filesize

        160KB

        Download

      • memory/2728-6-0x000000007FE40000-0x000000007FE41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-7-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2728-8-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download