Overview

overview

7

Static

static

3

e8492f4b9a...AS.exe

windows7-x64

7

e8492f4b9a...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8492f4b9a85cd18d2d15fe6191acb00_NEAS.exe

  • Size

    2.7MB

  • MD5

    e8492f4b9a85cd18d2d15fe6191acb00

  • SHA1

    9448a34ae14ce6c9556b06ad7892a6c03cb92344

  • SHA256

    d5199a194fe63ca89767512fbf5b0543effd9e226b72db3f6aa573d7feaed7ee

  • SHA512

    8348b1c21c01ab79d38a8ebfc3b8d7518d8e4fcc7c32f95104a6ed1f874e2b4d3c1bb85f552e977231694c248c739ada073114dd5bb92da8a4a8585d7b7f1020

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8492f4b9a85cd18d2d15fe6191acb00_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\e8492f4b9a85cd18d2d15fe6191acb00_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\SysDrv4O\xdobloc.exe
      C:\SysDrv4O\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxJM\dobdevec.exe
    Filesize

    1.4MB

    MD5

    e51fb3922314e809e773a4867442747b

    SHA1

    9b43bc102543ba11dc2e2065de716eecd36d2c69

    SHA256

    ed69f6074cd7815d7fc409f7958487478af7979c3b48bd7d9ec51dcf898d935b

    SHA512

    da37547bf4133ba80b6341a48fb4223a953432fa5255b1eb89e35e0665097860e3834543feea96ef5024a90d1f681bde0a98014b2a411cc1ed807534b7712191

    Download Submit

  • C:\GalaxJM\dobdevec.exe
    Filesize

    2.7MB

    MD5

    6c2dce7de9ad78da7f8fc41a6e411972

    SHA1

    6354f4ebf421675d4b15073e93503692b11f9797

    SHA256

    8aa5443598e97aad2e986479f3da82d0b5bf9142edde65738fa7586fb457b704

    SHA512

    69631926818db5d378259d0fbeac13e85ef8eebbc14c00d39e748fd27c9ca071c205b922112dc5e3524eb3eab223ad2d4d951434d169bedb926625ee8ac8c18a

    Download Submit

  • C:\SysDrv4O\xdobloc.exe
    Filesize

    1.9MB

    MD5

    0a2be71536db48bdef56f75c89cb6201

    SHA1

    bbb760d46cd60c55be0fad70c0c4cc402e26c795

    SHA256

    5002eba90ef8e22c34cf3ba5d42f8f45d97dd6774b136da8b6bbeb11dcd4abe3

    SHA512

    b3bc9406f6181467515739c3bb5db21ea9c0da633e647d76cdb08ad8400142d6c8d4efcc34abd8f92c4894c0bfd29394624e8d7700383c99cdd429362d293fa4

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    88fbd6ca58ffbe480ffd36aa663c0b1f

    SHA1

    6dff97098f5c07fea4374c500c8070ea938824a8

    SHA256

    68c5ac316697efb34ba6b5b502d62262cd692a53705ed10d6b0823f8dc950d4f

    SHA512

    49e47de947c2b7da2a0e8ec0bf110385da378f7e091c3221ec6e60cd099ade59248a3850037e786835728f484bd380d902454c59032ee902b1dcbd6873fa9d70

    Download Submit

  • \SysDrv4O\xdobloc.exe
    Filesize

    2.1MB

    MD5

    370fef98d57e5130e7f5353e55cc14f5

    SHA1

    293979ad8433b0d6b153499bc0312a8d3a3d57bc

    SHA256

    f247cc852936bd2e6bdcf23fb0ff2a4cfe63d983a3da7ec2e36f6ca5b17334f4

    SHA512

    eeb7085b994b2cc7a9ce266d0b42ece815d44f7ca5ca2cbfed0fce1a82ff2810502e467f5d31e3678e01a228180bd29242227f52ec504bb6db3d4a90be5f36f4

    Download Submit