Overview

overview

7

Static

static

3

9218fec623...AS.exe

windows7-x64

7

9218fec623...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9218fec623b17e1ab91366302d104620_NEAS.exe

  • Size

    2.7MB

  • MD5

    9218fec623b17e1ab91366302d104620

  • SHA1

    948017a7953c62d328a335b4372cf37b5494d17b

  • SHA256

    9a14ba4f7a04d5d42ffc6a3dc4bac9d678bcb2ed6ef7e38ce1b75c13e7448952

  • SHA512

    ee8a26ae4c5b907e6171f9d6195ea1dd4767a66c97c10913da214d639bb7e9789d979552218240261a0860dd797a84a07e5a53616f5f33fe28a9ab0055d3a173

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4Sx:+R0pI/IQlUoMPdmpSpZ4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9218fec623b17e1ab91366302d104620_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\9218fec623b17e1ab91366302d104620_NEAS.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3288
    • C:\SysDrvYS\xdobloc.exe
      C:\SysDrvYS\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxER\dobdevloc.exe
    Filesize

    2.7MB

    MD5

    c17b805c8fccb5516cb6425b2e05452b

    SHA1

    125fcdd690cc0e92c3c29d44be0989e6af7203a1

    SHA256

    07ff247156095f97ed7c6143e0bda6b77d52cf4e0ba32419e9475c6b623004f8

    SHA512

    add0c943e89295ff2f88b3c7a39af0154995be39113995f1e5b55a61e5cabcdae373f7bf7b16bd73e6953da6d2b35ddc92574d1c9cebf261f2411e2d8554a5da

    Download Submit

  • C:\SysDrvYS\xdobloc.exe
    Filesize

    2.7MB

    MD5

    7c870dbdbd7f89b988a4f8dc8a5b1bfa

    SHA1

    af51fed60825c11586ae424d1f7daf02da028ad5

    SHA256

    5f52eb0f1ffd1b8725f50e0139415f1f7462cec463894e69c96d6e001e03fd28

    SHA512

    0908d82b0136196dffeb07627ec1415888238db4d2c90c3d097a190745343398edbdb5f744c9ca93791d9c901f3b67f98cda44f159addd8d9e58900e413e857c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    87d905feebc372c11cbc70bcf3c56a7b

    SHA1

    b58bb73e6cde914f22e6fe155749018a809aa220

    SHA256

    f7a70fc49b78d7ea95b9fde64b5dda086d57a842e5f4bfb9b1b023fca2be2273

    SHA512

    0effe85f11c5acaae2c8ace482da254287d3d5340f961d058cbbaccd6e216458c615e627eea5ba1d7537c3e87fe663fa00c28846c5d96b1c869147848a996ab3

    Download Submit