Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-11-2024 06:27

General

  • Target

    2fe9285e9a37fb08cb97656df21e06e75160492d131c370b4385ccf1825e7204.exe

  • Size

    427KB

  • MD5

    dc807ac5b85e27d7a376fa0d86f07184

  • SHA1

    ac46624249b9ac7d9174c739c3e0e81b727b9644

  • SHA256

    2fe9285e9a37fb08cb97656df21e06e75160492d131c370b4385ccf1825e7204

  • SHA512

    b18b26a02953328eeea306e4b86df5b0a818ec495f8063405fa5a497585b4ff63baa9ebfc244537583466dd61d7789164a47f3b9043dcbc06574578e77ed6a68

  • SSDEEP

    3072:sr85Cq+1BlB+/AXCpSnymOksQEpm0/A+0hS7Qv4DhP/+1BlBYmTOh4eqbeNMS+11:k9rc/IQay1D7/An07Qv49ojeqbeNaZ

Malware Config

Signatures

  • Detect Neshta payload (5 IoCs)
  • Neshta

    Malware from the Neshta family infects other executable files in order to spread and cause damage.

  • Neshta family
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely for geofencing.

  • Modifies system executable filetype association (2 TTPs, 1 IoC)
  • Reads user/profile data of web browsers (3 TTPs)

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies registry class (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fe9285e9a37fb08cb97656df21e06e75160492d131c370b4385ccf1825e7204.exe
    "C:\Users\Admin\AppData\Local\Temp\2fe9285e9a37fb08cb97656df21e06e75160492d131c370b4385ccf1825e7204.exe"
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:4816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

    Filesize

    86KB

    MD5

    3b73078a714bf61d1c19ebc3afc0e454

    SHA1

    9abeabd74613a2f533e2244c9ee6f967188e4e7e

    SHA256

    ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

    SHA512

    75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

  • C:\Users\Admin\AppData\Local\Temp\3582-490\2fe9285e9a37fb08cb97656df21e06e75160492d131c370b4385ccf1825e7204.exe

    Filesize

    386KB

    MD5

    ad79b9ec585c53f2afc8c64a2693fd0f

    SHA1

    94eed468673a133da612ab2ec3992b3a33c82c6f

    SHA256

    db928985cdacce891179488c7ba92593217677a2d65e7271ac7cc5d8d83f3182

    SHA512

    188e5d236398d6b8505ee8ead437a7c21125589c0c1f0e9eb7d79d9b92f72f8d2403ded4b9c9f58d251ee4ee160e9c72ae5020161177ef1b954d8d6fd951bec6

  • memory/4816-93-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4816-94-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4816-95-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4816-97-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB