Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
27/11/2023, 18:53
General
-
Target
818133edf6333d7ce79b0e4c40ce56f0.exe
-
Size
1.5MB
-
MD5
818133edf6333d7ce79b0e4c40ce56f0
-
SHA1
ba6c27234fcbcbc12766418edbc149c5807b0202
-
SHA256
c7a2482c7743d0b5a18d6c2b135d6d13153caf163906e11d0adf26ac693f9eac
-
SHA512
0408be8e9516c4d7ac42e8c2413b0238c77e5914bc86628699b211b300b2425ac6f8f64584cad293afc499ae4d57253a9d59389a29f8a80a96bce2abc922a339
-
SSDEEP
12288:mLJa+7PGqmyXvaO+Ow51+ktKjxZyu7qroycqYgIQG3G:mLh/HXvr+7d8jxZPyonQGW
Malware Config
Signatures
-
Detect Neshta payload 9 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\818133edf6333d7ce79b0e4c40ce56f0.exe"C:\Users\Admin\AppData\Local\Temp\818133edf6333d7ce79b0e4c40ce56f0.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\818133edf6333d7ce79b0e4c40ce56f0.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\818133edf6333d7ce79b0e4c40ce56f0.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.4MB
MD58ffc3bdf4a1903d9e28b99d1643fc9c7
SHA1919ba8594db0ae245a8abd80f9f3698826fc6fe5
SHA2568268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6
SHA5120b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427
-
Filesize
1.5MB
MD58785d840d29c3ff362fd37a6c004f448
SHA1f1979ee7e7de177a95a119a27e777df75d2618ed
SHA256c362dff4dc26c9d2e8fecf949997914c0c5f19bf4ec9160ead5ccbf49d11a8ee
SHA512145da2a0862fadd0f77fb6fff9aa8c6086d3750d671f729da60d0192e887006799d0a62201e6c9ae116d95108e8d032ec1e4e0caa2a51af9a52edffcc2c7358f
-
Filesize
1.5MB
MD58785d840d29c3ff362fd37a6c004f448
SHA1f1979ee7e7de177a95a119a27e777df75d2618ed
SHA256c362dff4dc26c9d2e8fecf949997914c0c5f19bf4ec9160ead5ccbf49d11a8ee
SHA512145da2a0862fadd0f77fb6fff9aa8c6086d3750d671f729da60d0192e887006799d0a62201e6c9ae116d95108e8d032ec1e4e0caa2a51af9a52edffcc2c7358f
-
Filesize
1.5MB
MD58785d840d29c3ff362fd37a6c004f448
SHA1f1979ee7e7de177a95a119a27e777df75d2618ed
SHA256c362dff4dc26c9d2e8fecf949997914c0c5f19bf4ec9160ead5ccbf49d11a8ee
SHA512145da2a0862fadd0f77fb6fff9aa8c6086d3750d671f729da60d0192e887006799d0a62201e6c9ae116d95108e8d032ec1e4e0caa2a51af9a52edffcc2c7358f
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
1.5MB
-
Filesize
7.7MB
-
Filesize
136KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
584KB
-
Filesize
5.6MB