Overview

overview

7

Static

static

3

62e9af24a0...AS.exe

windows7-x64

7

62e9af24a0...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2024 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62e9af24a0f33c687ba78be36f2fa610_NEAS.exe

  • Size

    71KB

  • MD5

    62e9af24a0f33c687ba78be36f2fa610

  • SHA1

    caddb1c659a8680de2142a99eb1097f290811f8e

  • SHA256

    546a13ba75e4e1ec0c0462c9032d73f789ca8548823c8b18731dfb24599197f7

  • SHA512

    95a1ba4931e19119acd24fd94ab65994332d271315d7e1eae594df6ef839c68dee6b5cc7645bb80544a7a3ffaf2d72b6ce1a6d7ce3273d8cb6303c2de929173a

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT6:ZhpAyazIlyazT6

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62e9af24a0f33c687ba78be36f2fa610_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\62e9af24a0f33c687ba78be36f2fa610_NEAS.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Ggzl1J7eua6ds3B.exe
    Filesize

    71KB

    MD5

    220b1fb6ef33d60e6026a189b2f19078

    SHA1

    e5327aa2fd9213e2643da9fc5432ee58aff24715

    SHA256

    1af8fb092cc42658a433c82d38c9ee1e0cfd9ec389e855645ce6f30cbefc61fc

    SHA512

    7d71865ea46b62c828117ba88b4f17fddd5979fada62f9324f518d257c72dd55846235bc9f91fcfea22c0c0b7574eee2f5e58d888aeaf065eeb34495b9d0c687

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit