Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2024 20:42

General

  • Target

    b91ba1d72a881d8a0499aa534c76c3a4f9699bef0443e44c1b22ce1551525f96.exe

  • Size

    1.1MB

  • MD5

    c9bf7a1ee9850c3d13c36385bead0357

  • SHA1

    99aa8519ad9adeb58ee1443929c4377358eb941e

  • SHA256

    b91ba1d72a881d8a0499aa534c76c3a4f9699bef0443e44c1b22ce1551525f96

  • SHA512

    52819019ccab44cb3572fb23f39ff6a01e45ca6299b46f3e8b2e41d8c293d668ee161b2b7b47198a55c24f9206528b7fb46343ec4fafca0cfe5fb65e74c21676

  • SSDEEP

    24576:Yh1pXwc+Oq8vJ98kGrWIs3sl4ZX6YUrc7u:YjpXwc5qEJ9b/Is3sl4Z1Urc7u

Malware Config

Signatures

  • Detect Neshta payload 4 IoCs
  • Neshta

    Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

  • Neshta family
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b91ba1d72a881d8a0499aa534c76c3a4f9699bef0443e44c1b22ce1551525f96.exe
    "C:\Users\Admin\AppData\Local\Temp\b91ba1d72a881d8a0499aa534c76c3a4f9699bef0443e44c1b22ce1551525f96.exe"
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:1520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

    Filesize

    86KB

    MD5

    3b73078a714bf61d1c19ebc3afc0e454

    SHA1

    9abeabd74613a2f533e2244c9ee6f967188e4e7e

    SHA256

    ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

    SHA512

    75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

  • C:\Users\Admin\AppData\Local\Temp\3582-490\b91ba1d72a881d8a0499aa534c76c3a4f9699bef0443e44c1b22ce1551525f96.exe

    Filesize

    1.0MB

    MD5

    ce0eed32121663867d05b7da35b3cc71

    SHA1

    346df300f6ce41196c3968b12f87963e36836eb0

    SHA256

    7a8a075d65be62b79f8b9c3a3bc3596091399bcaa4988c56f2f90a53d76b0c3b

    SHA512

    141274063197d90bbd6fd2cdc53a9eebf885bdecd923f3b75a9bbc47f584200538909924bed7c9985801e8ce84de0b6beb07eea282c58cfd00a4f3858847040f

  • memory/1520-93-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1520-94-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1520-96-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB