632fba58592d61f5c940c2903bd1ea9aae975e69080da1829d5126cbf4d934f5

Analysis

max time kernel
1s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAST Setup 1.0.0.exe
Size

78.5MB
MD5

d55ce84e6c13e3c3d54f3b72bbbac26b
SHA1

09b0ae0049dff9f92102aa2591e8d629cbce4969
SHA256

632fba58592d61f5c940c2903bd1ea9aae975e69080da1829d5126cbf4d934f5
SHA512

4cddafeedf7b15dc133c10ce9f990bf7859b1cd49a29571971e90bfae626079f8772ad55620361107a7aea44b9bfa0eb1a04af31ce4c4a87a83af367f70ea158
SSDEEP

1572864:47e4hd5gG80WR5mQD8vUXbbJurhNih/PFmFg2GiqMcrGmw:47e4DhogY8vGHJ5uFg2Giqy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3088	tasklist.exe

C:\Users\Admin\AppData\Local\Temp\NEAST Setup 1.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAST Setup 1.0.0.exe"
1⤵
PID:4868
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq NEAST.exe" | %SYSTEMROOT%\System32\find.exe "NEAST.exe"
  2⤵
  PID:2956

C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "NEAST.exe"
1⤵
PID:4032

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq NEAST.exe"
1⤵
- Enumerates processes with tasklist
PID:3088

C:\Users\Admin\AppData\Local\Programs\NEAST\NEAST.exe
"C:\Users\Admin\AppData\Local\Programs\NEAST\NEAST.exe"
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\NEAST\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\d3dcompiler_47.dll

Filesize
92KB

MD5
b723cf88f1558ae0531397802331f9c3

SHA1
c2e0a475afa6be05a042ac97fe28625acf01cdea

SHA256
27a48c21284999ab4c223b1ba8e7aaa245b90d47480337d12c2344ce041fc69d

SHA512
615317dc0963c8ba33ec2f45f38e307b163f92d5555a923d5bf1ef456146de4bba46948ad4a9eb847ca75feeb8e384b2e543f73d0ecd89f4816b2c7f894b763c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\dxcompiler.dll

Filesize
32KB

MD5
97c9c689fc818d7c5cebe3c5a332b376

SHA1
426daa3a57ac125fb5655133e3fcd5a5b07cbee4

SHA256
67ff8eb84d2c7295b7467e3d00a2fccfe9953a620d6ea465ae5bfe8701bd4336

SHA512
6a1ae922b177c7c90d128795d7160ae7ef7454f28fd9985f0a8f14c122a3977aa8897367dbc4f4e18c35cf2d341d55b12649879ab3cf08173e7455a533fb1334

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\dxil.dll

Filesize
92KB

MD5
90f56ad0e05ac806ffb6499c892ae12f

SHA1
90ff9832c7d7f896a7103483c7ad3ef639a3f747

SHA256
63df0d17ee00b8382c1e7747405ed0c19ac3b57ae06b02d7604b8e0c3691884b

SHA512
3b8a58590a5641306d973f932ee7457e9a1c16788b63d04318129732b23407a70873a64006ae40d09e40f569eadbd1de7c5dd45c09b0ed98a0c888b72cf65c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\icudtl.dat

Filesize
87KB

MD5
d919fbd71d6be284520ed0cb48e64fbf

SHA1
e0d7a52b04de49a10f8508e47c9f4ed5c356b701

SHA256
d8faaf6a63c7114695ecb5bfa409f450844595e5b72ed80bd087ab2ceb58606f

SHA512
5378fbc53524defc48cfc7a36cf342a4b2a7937e4c94235f1e025a2edbb8ea77e3bc596eaa971c040aa25003f9ceb45323a9bc83a1fc1f803c2d3b443c223892

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\af.pak

Filesize
36KB

MD5
4eaecb1df88e24000d55bc2b462e1e10

SHA1
63f6c30262878f3935b2c9682121fa46909fc581

SHA256
484b0e401097f00c3b528f520e19aba182fbdcb0316adcbeaea457e7892e7c09

SHA512
2aad70138d39ca62d31f6f407f0aa466e03c9c734050d341856209a601e897c8c3f7e7bd0f91ce13cbfc0d86561124e5ccdd121cb80d8bf7d6bd87892d3016a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\am.pak

Filesize
91KB

MD5
1e20f33d5051e54ab4629b5eef678bb3

SHA1
b1f70f00f702eced50751503ca3ad5687e73d66d

SHA256
19f02e0dd8d23ad22c347623414d1adb82e5a339ce12fab920df29f28e0d03cf

SHA512
9d986be1a33d4c12e282379f100e9da4db1342bd15f875634013a799f18199c8e55f6ef0227d36df1eb6d100c43927f1b2af6921904f965f895648dd3b7ed566

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\ar.pak

Filesize
29KB

MD5
714e447189c65f03e93e469d7f7193ab

SHA1
a3c48c335a171d757ffc2646407c097c0d04ea79

SHA256
fa16aa21ef705582c0117f1af59ab43653e12c48b929baf6758a835868f551b3

SHA512
3723a43a597868a300af0828a8011191f9ff866dd19bf242bc4338d0b1d9b34aa0170819bb43fc9fdca38c013725c324478010594e02f5e92806ab48e2d12fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\bg.pak

Filesize
32KB

MD5
dbe824d6b0cf6e55c932e9e89e76bfd6

SHA1
7cec7ff5bf457f2701c39d0c0812f71d00bbcc87

SHA256
21795a3e0e0efc44b1ed91d55be3f1f2355e5fd03912bc19e2a2490f37f19a3e

SHA512
55b5777bc7033795e97f5ce848fbb8ff0138031bdf5938a104fbf75ba27349e737d1e9265378e02c49a91c9b267ad641b120c6606aa47cd1cda54eeb00f9aad0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\bn.pak

Filesize
43KB

MD5
f6e7cf950eeebb2a792cf810f5bcd563

SHA1
c007e1ecb39a074faf4695f936c0013106443010

SHA256
022cc9ba66533914ddfd58c20693056c6f3be5d3a168a7f0ca14d999e6eb3c05

SHA512
8f31114ca895b25f5f77bbe83a3cddc19798d85b786323b8dc3b45dea9a81119bec465e52a428f92a088be63556cb198edc291147ffef0ec1091f7d7c4fc319d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\locales\ca.pak

Filesize
44KB

MD5
28d04c841c35fee48f32089b2973952f

SHA1
1fad95c55d1ee7fe5c1b10069a08d65321782e77

SHA256
47fadb95907f07eba48183b46298e3b16c533814c076a0b8d2f7c1c480874860

SHA512
f9f62aee5ea3bf2b4d0440883a3f72a82d70ba627f070461d2a524f0fcc2b6138afcc650977e61540301991909c7dc674cda8138617af66657d197e46005c155

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\resources.pak

Filesize
133KB

MD5
c533f049f3b2961a612d72b04668b304

SHA1
80401ea7304e6404c1600eb2fd8cd9274026a294

SHA256
8dc970c9d3dadf6ea538fe6dcf630fd84b16a5e09aa3454aa15a82f59e229edf

SHA512
bf95ce4f72bc7ea74b87cfcf206dec528b20552e6901e5e5768dfd9c3a46e85327862a1813b61e3133b6f0d0aaa07791393805077152e3723e77007f15eabca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
3126d62daf4090a26b0884544a3f3a80

SHA1
3698491729265c27dbdf7bf89556fafd6d4658c5

SHA256
9f449aa167ae5e6396c50019d2dd4cd725dbdfb575732700a2626fbfb797ca42

SHA512
983971fb005f40fb35839067f7729659aa6bb47b76f8982f372d2597978a913874abe1e886abd49d8312f54c8b39b3455ea014740f4edad9b7ba5968d074491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\v8_context_snapshot.bin

Filesize
151KB

MD5
56faa746fa8759981f8255a9b7b4f897

SHA1
f37dcd133ab3dab2c971a6f7019d0a89903faf6a

SHA256
b550865577be9e62e32cecc604827233e34110313f0c62520b53e7bac078dda6

SHA512
4609490caf8ae351f47a4c7feaa1c14fcfffac65dde7bc980f70ba058a7b62d15267cd1cd4ae0d46d0a908e6624f6086cf4e441026c80ffd03dae87ed5434603

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\vk_swiftshader.dll

Filesize
47KB

MD5
964b214da1c3f7c29b621b45cbf41d29

SHA1
c6dfbc7df3d7d3ef6a9a368790ea062326002694

SHA256
6bdcfd29c0bb38a68f219365a9ce2292c7394bd3424c904e5ba1fc96d5cd35c0

SHA512
83c66c0b3894a66d17ae32dcd6b028ed5e8d6244d2bef2b1573b5944f1e7b5a533c5cd6703b53935199ae3912e9e6090da238c5f1d9ccfa013bd2b1188db27f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5CB7.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit