Overview

overview

7

Static

static

3

0e0af88c5e...AS.exe

windows7-x64

7

0e0af88c5e...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e0af88c5e7eaf5507a53986a5e3be40_NEAS.exe

  • Size

    26KB

  • MD5

    0e0af88c5e7eaf5507a53986a5e3be40

  • SHA1

    28f3e67ef56c4aaaa0013c427641c6ff22f300f7

  • SHA256

    c8127fbddde14300adb3ba81a667aaab90c58b828d6c291e659b88b4d26d96a5

  • SHA512

    57910589e9200ce78993164deab0197f74a7c5f5d21b3c507fb81811c4c2cb0c74ac93b882aa61c3c6d3ec97a60fc6b8045e0600a5fbd44f1dd270f1da51161a

  • SSDEEP

    768:/qPJtUA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKhJJhgcw:/q0A6C1VqaqhtgVRNToV7TtRu8rM0wY3

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e0af88c5e7eaf5507a53986a5e3be40_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\0e0af88c5e7eaf5507a53986a5e3be40_NEAS.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    26KB

    MD5

    4353cd691c7ad8767e5081ae97ecf789

    SHA1

    6317adf45391d9569e9cebd90731538dd072aaf8

    SHA256

    b4c00bbc97ab3ef7897632a0d97a91e952c9c39ded44ddcc5b6a2f6b230c9bd6

    SHA512

    c7c13fdc6f998da5449e939699fc01a117d69f3e790325ba65604e23403457d045ccb3c9e15524b319931a374a93eeb594ec900468ddb2675e1345b4ced72382

    Download Submit

  • memory/2196-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3512-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download