4fc45db4230d211681d5b3c15da43f6e96c2b6514a8e219572b4ff05e1526fc2

Analysis

max time kernel
148s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e19acb746b719152feae73f663021e0_NEAS.exe
Size

256KB
MD5

7e19acb746b719152feae73f663021e0
SHA1

1221d5c296ce44463f13d84a7289d05ee5a00c3f
SHA256

4fc45db4230d211681d5b3c15da43f6e96c2b6514a8e219572b4ff05e1526fc2
SHA512

0c7fe43d708e158954e813eb85bf528614d84f00e76bf2ac2ad62d1a75f52d7be58d195a2385d581cb72700f7d82c735b52d1ce2377ee562ea4ecae0a1e1f968
SSDEEP

6144:jOuFuko0Y8OtlP2Wc/hfRIIW6Th6jTFRbf0eN0W7cyqCxSn1:jZEAJOj8/hKInh6XFRbf0ez0n1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3152	7e19acb746b719152feae73f663021e0_NEAS.exe

Executes dropped EXE 1 IoCs

pid	Process
3152	7e19acb746b719152feae73f663021e0_NEAS.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2736	1644	WerFault.exe	82
3024	3152	WerFault.exe	88
2896	3152	WerFault.exe	88
2360	3152	WerFault.exe	88
3116	3152	WerFault.exe	88
2496	3152	WerFault.exe	88
4332	3152	WerFault.exe	88

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1644	7e19acb746b719152feae73f663021e0_NEAS.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3152	7e19acb746b719152feae73f663021e0_NEAS.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 3152	1644	7e19acb746b719152feae73f663021e0_NEAS.exe	88
PID 1644 wrote to memory of 3152	1644	7e19acb746b719152feae73f663021e0_NEAS.exe	88
PID 1644 wrote to memory of 3152	1644	7e19acb746b719152feae73f663021e0_NEAS.exe	88

C:\Users\Admin\AppData\Local\Temp\7e19acb746b719152feae73f663021e0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7e19acb746b719152feae73f663021e0_NEAS.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 384
  2⤵
  - Program crash
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\7e19acb746b719152feae73f663021e0_NEAS.exe
  C:\Users\Admin\AppData\Local\Temp\7e19acb746b719152feae73f663021e0_NEAS.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 352
    3⤵
    - Program crash
    PID:3024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 768
    3⤵
    - Program crash
    PID:2896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 772
    3⤵
    - Program crash
    PID:2360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 776
    3⤵
    - Program crash
    PID:3116
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 792
    3⤵
    - Program crash
    PID:2496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 544
    3⤵
    - Program crash
    PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1644 -ip 1644
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3152 -ip 3152
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3152 -ip 3152
1⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3152 -ip 3152
1⤵
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3152 -ip 3152
1⤵
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3152 -ip 3152
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3152 -ip 3152
1⤵
PID:3640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7e19acb746b719152feae73f663021e0_NEAS.exe

Filesize
256KB

MD5
a661c25968f7143d040eb3dfd6f8942a

SHA1
528fa30decda1f53d46e3f1e4aa9b3a94a29d466

SHA256
03ee2aab6f6437da35243b3d51476b62644648dddbde1a7de163c2efb0274539

SHA512
70c93836c4b1951680258ea3294e82138665b3b12cf35ba680a6cd285989dfce384ef25bcc3aee3c89403b5c35faff20056aab8157e086940c1aa30cf7c15907

Download Submit
memory/1644-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1644-6-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3152-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3152-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3152-13-0x0000000003DB0000-0x0000000003DF0000-memory.dmp

Filesize
256KB

Download