Analysis

  • max time kernel
    141s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    22/10/2024, 07:01

General

  • Target

    русский экстримальный сервер/pawno/pawno.exe

  • Size

    421KB

  • MD5

    b9fb7dcd6db0eb83d8def923d62c13c1

  • SHA1

    d137ffb2abf89b3accaabf22ef3be92c3927d3b0

  • SHA256

    9c8e3d64896e0b5a65e4df7eff46d6d765c8579504d49f5c5b4c7cee230182de

  • SHA512

    59a64e42446cae4c78f581da3d1ea535c7718f2e064d4ddbb5231f582262694d66578afccf71d73e295194410fc0d7a4123ff87207093e93b1cbacd675e8d21d

  • SSDEEP

    12288:mTWKYEEF5J87vzLh8aVJSTHZqV5dU79gqV5dU79gqV5dU7k:mzJ45J8DznVJCqV5yWqV5yWqV5yw

Malware Config

Signatures

  • Detect Neshta payload 3 IoCs
  • Neshta

    Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\русский экстримальный сервер\pawno\pawno.exe
    "C:\Users\Admin\AppData\Local\Temp\русский экстримальный сервер\pawno\pawno.exe"
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:3688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

    Filesize

    86KB

    MD5

    2701f5f07f9c3bd97f752b93e11224a6

    SHA1

    19e11632c430f6db218be7d54719e7d16005703f

    SHA256

    15dc0e52a821f2c356d6c9eac4ac41fa53ab1742a5f719de4e8be28d86ca3a99

    SHA512

    121ba9218c676c28e432f3ffa0e13f4b14f3726e5d8521c239641f24b869063de27608689daab4c81d1eea0b3f67072e42fca558bf379c60a8370cd15d37b81d

  • memory/3688-84-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3688-85-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3688-87-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB