0296a409d1b2ed9a6c95c079a32ee712932aecafa943e4c189444ebf79b8f678

Analysis

max time kernel
147s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe
Size

232KB
MD5

1cc75ab6371bf373e84fa59d2d1121d0
SHA1

3ee76e90bd184563df70e9d51cf90f23b04a3edd
SHA256

0296a409d1b2ed9a6c95c079a32ee712932aecafa943e4c189444ebf79b8f678
SHA512

0b0a7adae2cba8c741f52f05f044dcdddb16eda02f8020185fc7633a0c28c32d72255709b828897453f3612e9629edfc4a154c8bca7ba4f33408e76eb9ee59f2
SSDEEP

6144:JWjPUxzTu5qKUV2kbPflvPpnd76/0W7cyqCxSngmV:J2GaYbPfl40npV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3204	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe

Executes dropped EXE 1 IoCs

pid	Process
3204	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
3144	2488	WerFault.exe	84
5096	3204	WerFault.exe	90
1928	3204	WerFault.exe	90
2744	3204	WerFault.exe	90
1580	3204	WerFault.exe	90
1452	3204	WerFault.exe	90
4900	3204	WerFault.exe	90

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2488	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3204	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 3204	2488	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe	90
PID 2488 wrote to memory of 3204	2488	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe	90
PID 2488 wrote to memory of 3204	2488	1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe	90

C:\Users\Admin\AppData\Local\Temp\1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 392
  2⤵
  - Program crash
  PID:3144
- C:\Users\Admin\AppData\Local\Temp\1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe
  C:\Users\Admin\AppData\Local\Temp\1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 360
    3⤵
    - Program crash
    PID:5096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 768
    3⤵
    - Program crash
    PID:1928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 808
    3⤵
    - Program crash
    PID:2744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 776
    3⤵
    - Program crash
    PID:1580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 816
    3⤵
    - Program crash
    PID:1452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 772
    3⤵
    - Program crash
    PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2488 -ip 2488
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3204 -ip 3204
1⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3204 -ip 3204
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3204 -ip 3204
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3204 -ip 3204
1⤵
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3204 -ip 3204
1⤵
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3204 -ip 3204
1⤵
PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1cc75ab6371bf373e84fa59d2d1121d0_NEAS.exe

Filesize
232KB

MD5
7a88be9f26b7a7cc3e2ae9d503e4857e

SHA1
cf6400b361a28698d4ba681265804897dad34fd1

SHA256
278b3c435695bbe57206a4161499055dbd065efc21709ac08eac6c18e850c7f6

SHA512
4433ef3832ce57b112e3b586244f32f1979817582db8982232f9a23a33d9f0a49ee8fe3ec1bb0ba1cd5a877811fd9b8e661fb5b369c7f3a39c5d95ff403b5b45

Download Submit
memory/2488-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2488-7-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3204-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3204-9-0x0000000003D80000-0x0000000003DB5000-memory.dmp

Filesize
212KB

Download
memory/3204-10-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download