36db131862e9f38c5e47cdb4aa1a35a8c95904039c1e5cbda5b6ba728fbebd79 | Triage

Analysis

max time kernel
136s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 16:32

Sharing

Report Analysis Logs

General

Target

Neptune-Stealer/neptune injection/final.bat
Size

1KB
MD5

e52ffc30088c2eaa4b820d16edf1bc48
SHA1

5039c175ef76f135ea63d96fbcd5a459b2a6334c
SHA256

41fab22cd37aa4e66c362215eda0d8bf9ff82d950e1661f528921811fb99b88f
SHA512

2c58ba2914979d64b85e880d50439782dd4e002bfb2c2631070d15f7be5e4686cbe5ffc8719add0181ffdb1db7548ff8f4d628287dd31bf3827a3928df84bed9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 5148 wrote to memory of 5520 5148 cmd.exe iexpress.exe
PID 5148 wrote to memory of 5520 5148 cmd.exe iexpress.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Neptune-Stealer\neptune injection\final.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5148

C:\Windows\system32\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\2exe.sed
2⤵
PID:5520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2exe.sed
Filesize
1KB

MD5
7064ef44cbdaff5f3fc679965a67c600

SHA1
f4ad28dac71990276b97fa56c11eed3f92c576ad

SHA256
7840c6307661071990f8d7e60f525811c957b5fce14a9245e4b6ab70fae9d4f3

SHA512
d4f31dd08381a31551f9ed78ce3df268858080ed8d5322046eec925a6d5d5e84306722b5f4996018338d68807b74c5e40e42ef17f4d5905e8e5aad67ccdef77c

Download Submit