Overview

overview

10

Static

static

3

1e3815d395...13.exe

windows7-x64

10

1e3815d395...13.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e3815d3956e4744b089bfed598f7113.exe

  • Size

    40KB

  • MD5

    1e3815d3956e4744b089bfed598f7113

  • SHA1

    38a1d92658b66e8c8e6a8f78728b8804693d2314

  • SHA256

    56f4fc3863cb20e34a8642e4943dde854417d86d3c1f33c8e6fdb68477b0f9fe

  • SHA512

    62723d4ed1b09130cf2a7c7a940d9cae18512f5e31a5e01fb8bee581702526193216b4e8a77fe3f17448a6c4dc76339447b6ce66329bc0237e6b27b7b3fed8dc

  • SSDEEP

    768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC

Score
10/10
neshtapersistencespywarestealer

Malware Config

Signatures

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e3815d3956e4744b089bfed598f7113.exe
    "C:\Users\Admin\AppData\Local\Temp\1e3815d3956e4744b089bfed598f7113.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    PID:1572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
    Filesize

    92KB

    MD5

    1f0125aa1df222938fdaaecf90f5afdc

    SHA1

    248b72eacec07c51b34778a3b8a48ac86b8d6fff

    SHA256

    fd993619dc2309ca4d52870a41201147838e5cbaa5c618574d0cedf8d8e723e9

    SHA512

    4ba6889d0eb188ea7bc9f4bfb3ce1eb937d0f5b14353211cd8363d1a3f9628aeece68a675ed28d22354fdeaea2a763b2779d4c0f7c463f4a2905cca7baf897ea

    Download Submit

  • memory/1572-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-18-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-76-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-91-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-92-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-93-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-94-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-95-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-96-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-97-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-98-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-99-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-102-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download