Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/03/2025, 08:12

General

  • Target

    NeonToolV3.exe

  • Size

    84.4MB

  • MD5

    cf7fdb52e1becb981a44fb696d19e65f

  • SHA1

    5dc995b9a82516d4ee31dcec7c06c945d1bc3a97

  • SHA256

    530f08f4c0fdd69377f813ae431a221e10979f4d012855723630ab92cf6f4f7d

  • SHA512

    cd18b555b9583e39c58de5bb01a6bd540ea62fd61cb6b92e5c5bb342ddceb4658d053327ad3087937fe186df6cb3f71d87aef65c5085eb9d3b6a68a88401f82d

  • SSDEEP

    1572864:BtIupuqVjlVWXILP4OkiqOv8im2ARGE7TlhpBBRgiYweyJulZUdgk7ZLCPmVXPe:IYFbCILgOknOv8i3K7LpnRZpug7tfe

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NeonToolV3.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\NeonToolV3.exe"
    PID: 2196
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\NeonToolV3.exe (depth 2, child of PID 2196)
      "C:\Users\Admin\AppData\Local\Temp\NeonToolV3.exe"
      PID: 1368
      • Loads dropped DLL

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\api-ms-win-core-file-l1-2-0.dll

    Filesize

    22KB

    MD5

    2083c4c18b0b2d501995bf1af79bbcf1

    SHA1

    9cbd7dd86fba3f1829d2f9614caa83958f690e99

    SHA256

    01b61d57ba1290bf2640ecee28de3d240eeb09e9c664c0f4d0f9402cd1da5eaf

    SHA512

    5eb5455989e1dbc8655c510d2b596d422078ecef8342d9d10797eba2d8aa1562b9037ede35f00222c3cfb6f46e003bd4bd1e17faa2d19e0aeb63e970c978da23

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\api-ms-win-core-file-l2-1-0.dll

    Filesize

    22KB

    MD5

    aaf93ef5c6eca9434286274ef91794dd

    SHA1

    b68cd2f56e5c840346e3ad52255a6061c1797a7b

    SHA256

    4413208101061038455b7e0752fb37d4108b3ec4642d10cbaddf835b3843888e

    SHA512

    04a30769851b829e71ba0ab3f1a76eceae565dd639047b4c6ff9952bc4d6502d117eec81e151843dfaa147894e3046a333e39d2dae2ae65effd7dc1b91368541

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    22KB

    MD5

    9e1e3021560384db14b76243df9604e4

    SHA1

    f79a3241314f18db0b979af8e114c191d499a7c9

    SHA256

    197b29ba3989e8d974e29f81fbddd0731051399dc40763bda998a1e36d1c3ab4

    SHA512

    3187122bd3e20dc74efac802b86c612573682370a8b24c3ec7769e67de525b68c91506b85df3ea2d028d4018d14833c980ab2b220aee41b96e2dd9c9d0a67914

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    22KB

    MD5

    bf87834418025b5894d2130668352125

    SHA1

    ef15f9b1ae6fb271549dd2cef8fb11ba5633c865

    SHA256

    408081a4655ee846c1067aaafe462a62fa3a562341e681d0dbbf3400362f5cf7

    SHA512

    b115687e542fc1a7f342cf610c450dc726d79e7b8e63bb2d5761a47464796fbf8c880ed811149443734f0d47c4cf8b2694a3703004d69cbd62fbf2a96d9667ec

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\python312.dll

    Filesize

    1.7MB

    MD5

    71070618402c15a2fad5ca70c9ef7297

    SHA1

    34fedbf17a57010c5cd20ef4e690616859cc8e68

    SHA256

    7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

    SHA512

    81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

  • C:\Users\Admin\AppData\Local\Temp\_MEI21962\ucrtbase.dll

    Filesize

    1.1MB

    MD5

    8f53604f28132832353c099fadb2a54c

    SHA1

    7679e25d80e7d551c390e6ac6f7561bf2368f734

    SHA256

    5d652e1ba943587035b573e0dbcdc8a2f114030ac5cae4894805cc228dda3d22

    SHA512

    5b7e3775a0eca8ade32e092287342f20c80ba3f96ce2008eff5a68e0ac952087f4a19ca5f6a7bf1e3a8add8aed49ec8168238461f777445104bae9d89b99a43a

  • \Users\Admin\AppData\Local\Temp\_MEI21962\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    22KB

    MD5

    80bd4ecd52c736047b21f0c4c6bdaa95

    SHA1

    8ac491285818f19485351253129889839d97aedf

    SHA256

    04f932559f3e5eec0d929d60ab501fc0f6037e97b241e2b3ddd3ad16fedaa23c

    SHA512

    3f79a2c1635eec05c7a9e561842e2bed227d1d3db72b6cc34e121bfeb29755d51db707bee955a1d1e24e4faea8ef8426283b8c0820a528001851600ab20cf7e3

  • memory/1368-1323-0x000007FEF5840000-0x000007FEF5F05000-memory.dmp

    Filesize

    6.8MB