Overview

overview

7

Static

static

3

10e69ce0fc...AS.exe

windows7-x64

7

10e69ce0fc...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 08:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10e69ce0fc97f60789411b40dbb697f0_NEAS.exe

  • Size

    4.1MB

  • MD5

    10e69ce0fc97f60789411b40dbb697f0

  • SHA1

    3ad744f8c26594f0d73c4758d9a0735fb449f50a

  • SHA256

    321152eca4c3fac8830c42b70185ddf4c7d9102f44baa2db6738d71b23dfc3e8

  • SHA512

    10bc76832f97055e406a3c706c409e953d7f4c2059185068a08a62569f723b39752b121d52fdf46db1eda2077f17088ea516ed924f42828cc50f0b3c51f9fdee

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSph4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdma5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10e69ce0fc97f60789411b40dbb697f0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\10e69ce0fc97f60789411b40dbb697f0_NEAS.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4288
    • C:\FilesX8\xoptiloc.exe
      C:\FilesX8\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesX8\xoptiloc.exe
    Filesize

    4.1MB

    MD5

    e04e477ae10bc8edda501c7bd4f3c0ac

    SHA1

    418656cfd45f472d40f6af51ea505495876819a5

    SHA256

    9f5301d079b51a88dc8227a36777fa429f24fdcb7bf813e3ba543b9f7c3fcb60

    SHA512

    d5bf9b3b6f6e4f3bfed565c0672fc9b5e33329bf1436397ee27921ddc4b5044697dc95eac19cb6d61049fdf70aaf124eacf758a6d9b6039195bf9d126764ab2e

    Download Submit

  • C:\Mint47\bodaloc.exe
    Filesize

    4.1MB

    MD5

    bf5f291b112267fb7b9863db2cdc837f

    SHA1

    d2d0339250d08c9c938821a18a2d08224d2f6124

    SHA256

    f841e2d14e0fb760eede9a19ab90f6915de9f6a585e1d72357fc83c32d173fec

    SHA512

    50f8007ad0c8ff01cbfb4a7e7754f2ef43b283306833aaf4bedeabec3ec613902177275dfe3d4f3be40554de87de9c7d9eede532ddff763f86e6fb74cba28e6b

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    8d6562a4c0f7dbd4313c2a8de583b08f

    SHA1

    8cf7c8196d5eb6c669f92c3b9d565119803a9e2c

    SHA256

    f1b537825b6cb38e6df2cac66595b97125be73dae185d4c9989aa6f437fe8f05

    SHA512

    872cd9717806961d6d39ec7ae17a624f4d893a3004108e7b7024cc2cdd56c87804aae6cb246ef27a2ec824d5c242fa8bcf099ba86d42c1be83e55eca371075e6

    Download Submit