0c02f3f8167cc00f4ea0f69c739cc5193f74b5c7bec00e1ba036e4e62efd63b9

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe
Size

45KB
MD5

7d64ae61b1021edfdcc884b376a6dad0
SHA1

5f2f1e1978c74e235edb8995abf561fb95d258b2
SHA256

0c02f3f8167cc00f4ea0f69c739cc5193f74b5c7bec00e1ba036e4e62efd63b9
SHA512

4754412f7031fbfdd6d89bf56934340b5632b3f069a41dfd1f72166f4a4b3bfae9296f5bcf18ff0e09904098f727a0dd5bb4b923103d256dce3c4d51d39e21f1
SSDEEP

768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPhH:P6QFElP6k+MRQMOtEvwDpjBQpVXKH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2092	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2344	7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2092	2344	7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe	28
PID 2344 wrote to memory of 2092	2344	7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe	28
PID 2344 wrote to memory of 2092	2344	7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe	28
PID 2344 wrote to memory of 2092	2344	7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe	28

C:\Users\Admin\AppData\Local\Temp\7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7d64ae61b1021edfdcc884b376a6dad0_NEAS.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
1423e38f208e23a5c4f07df02ab37000

SHA1
45caf02017a6fe8df3044b0d6d9aad2bc5650f13

SHA256
c423aaa4a4bf8a0f42fe3d3b5ae0c421f509c057ce5ea508663d0f36cad37faa

SHA512
ab8a6ab9e3240233880bf5c27dbb62cef89d8da7fe0a6951c7010b0b2fe8f886ee2fdbf2c364aefbdffd9e694f579bdb85f2f01b2dd9c4800b5818af6edf0560

Download Submit
memory/2092-17-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2092-24-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2092-25-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2344-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2344-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2344-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2344-3-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2344-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download