Overview

overview

10

Static

static

10

cc356545c3...ca.exe

windows7-x64

10

cc356545c3...ca.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 02:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cc356545c3804c811c007ed5235d2aca.exe

  • Size

    139KB

  • MD5

    cc356545c3804c811c007ed5235d2aca

  • SHA1

    68239396dd04d70324e34709725a7fc8cf3af42b

  • SHA256

    05e3af4fd7d70b843680c4b5b6fe251407a84b0dbea17ec04834f77cdd6dd241

  • SHA512

    3829e0e218b75e5fbabc5bd30fdc7fcdc36bd534379963be0fd68e00a5cb311679b0967c788a08594ba004325d71afc5f12af4320c8cf1276cd68dc1f1e85d50

  • SSDEEP

    1536:9xqjQ+P04wsmJCamVpgM+Wf3VkPVfT48Jnit4dXJlViN1U3/edr7QvQt3WpOck/t:wr85CaRMJ/cPiq5bVin8/edz+92mhTY

Score
10/10
neshtapersistencespywarestealer

Malware Config

Signatures

  • Detect Neshta payload 13 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc356545c3804c811c007ed5235d2aca.exe
    "C:\Users\Admin\AppData\Local\Temp\cc356545c3804c811c007ed5235d2aca.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3780
    • C:\Users\Admin\AppData\Local\Temp\3582-490\cc356545c3804c811c007ed5235d2aca.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\cc356545c3804c811c007ed5235d2aca.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3564

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
          Filesize

          281KB

          MD5

          eb1472fd0361cbcbcd720096e0ce508d

          SHA1

          672d0210443e0a6bcca330bf93c0cdec7dbd288f

          SHA256

          2b9778a21865eccea1965edd8aace8d9407985fa4fb308f5f879f0fee1b716c4

          SHA512

          699edd73618719b999de025ada17acf634ae69682620c3f39c8fe6eb470eb740f3abcd8cbf3172032e36255d4c394f00e251edc276e86515f8a817e6af053ced

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3582-490\cc356545c3804c811c007ed5235d2aca.exe
          Filesize

          92KB

          MD5

          b3d89dac6682adcb8bf734380e073159

          SHA1

          69fa0c768d34632eeba44936986d28f14a2ee493

          SHA256

          3a8dd70143018e233ef25626fc42e71669790c25087cecc12df42dde67745bc6

          SHA512

          eba30d8c4c32ed1a07d9c5928848aa6e9d389496ca311142c785334f91377bebffc4203e2d53e672da5c4263d8a753029d61bf455e97989acd625c94b410d9c0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3582-490\cc356545c3804c811c007ed5235d2aca.exe
          Filesize

          99KB

          MD5

          eff25086b1367be1c11a523a37b4a5e1

          SHA1

          146ba77646254aa1f8847749c9893a7bf40d7a7c

          SHA256

          0c67baf01b1f2421f39a2a6ae3023cf1add734b60ca9d49de0e62f5711f25273

          SHA512

          5087f363c3f6dbd0b8c4eda733419c654987836dd40dcc4c8fc297d0edf1a16446ad5dcd520b35f2afbf57deaf60e80b40d28826dd2d6932429181d205a183b0

          Download Submit

        • memory/3780-99-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-96-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-97-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-98-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-0-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-101-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-102-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-103-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-104-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-108-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-109-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/3780-110-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download