455146427054c8e4e75e62264a3cf9f62f1c882c2b8813f40d26de800a6cb400

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 05:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe
Size

295KB
MD5

8a417febc545b9e61b64b6b4d0c215c0
SHA1

77903a9290705058aeff7e44af55e733f8fcfc78
SHA256

455146427054c8e4e75e62264a3cf9f62f1c882c2b8813f40d26de800a6cb400
SHA512

6b832e93e907471b23a7a88f8bda457c9e57e4de29bb2d395edd4e12a7b4656dab7049792f3b6bc9715fb86422fbadbfb99b82fd9ff4c8f19ff6cf93a7a63682
SSDEEP

6144:GI82LiUYe4jeazx0rKT62WnXHLaW1rvx+A5+5kkFn6Fv5kkp:T3lOhx02cHLhrvE4CtYFRtp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1548	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Executes dropped EXE 1 IoCs

pid	Process
1548	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Loads dropped DLL 1 IoCs

pid	Process
2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2432-0-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral1/files/0x000d00000001201d-11.dat	upx
behavioral1/files/0x000d00000001201d-13.dat	upx
behavioral1/memory/2432-15-0x00000000014B0000-0x0000000001556000-memory.dmp	upx
behavioral1/files/0x000d00000001201d-17.dat	upx
behavioral1/memory/1548-18-0x0000000000400000-0x00000000004A6000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe
1548	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1548	2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe	29
PID 2432 wrote to memory of 1548	2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe	29
PID 2432 wrote to memory of 1548	2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe	29
PID 2432 wrote to memory of 1548	2432	NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Filesize
295KB

MD5
290053de68701dc4eed4d65fd1b1d0a7

SHA1
a75a317ca70c36624354925064eaf8ff725e2fb2

SHA256
ab396b4749222b0e1a2a278302133033a955d6e1a181543cbc008cd39fcd99f1

SHA512
8a108bd9760fde96ace469c1cb95ef10deee5b2d3a9a81d8e22c9d3235f5ef023f3bdfa3f3d820027bf779326a1e86bfda1ad6eaf87bed85caaa01fda944c18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Filesize
295KB

MD5
290053de68701dc4eed4d65fd1b1d0a7

SHA1
a75a317ca70c36624354925064eaf8ff725e2fb2

SHA256
ab396b4749222b0e1a2a278302133033a955d6e1a181543cbc008cd39fcd99f1

SHA512
8a108bd9760fde96ace469c1cb95ef10deee5b2d3a9a81d8e22c9d3235f5ef023f3bdfa3f3d820027bf779326a1e86bfda1ad6eaf87bed85caaa01fda944c18e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.8a417febc545b9e61b64b6b4d0c215c0.exe

Filesize
295KB

MD5
290053de68701dc4eed4d65fd1b1d0a7

SHA1
a75a317ca70c36624354925064eaf8ff725e2fb2

SHA256
ab396b4749222b0e1a2a278302133033a955d6e1a181543cbc008cd39fcd99f1

SHA512
8a108bd9760fde96ace469c1cb95ef10deee5b2d3a9a81d8e22c9d3235f5ef023f3bdfa3f3d820027bf779326a1e86bfda1ad6eaf87bed85caaa01fda944c18e

Download Submit
memory/1548-18-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1548-19-0x0000000000140000-0x000000000015D000-memory.dmp

Filesize
116KB

Download
memory/1548-27-0x00000000003B0000-0x00000000003CD000-memory.dmp

Filesize
116KB

Download
memory/1548-26-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1548-32-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2432-0-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2432-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2432-15-0x00000000014B0000-0x0000000001556000-memory.dmp

Filesize
664KB

Download
memory/2432-2-0x0000000000140000-0x000000000015D000-memory.dmp

Filesize
116KB

Download
memory/2432-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download