4819d87fe9d0d0485fe85a3843a3e3ecd61ebe50a115dad01ec10275272be82a

Analysis

max time kernel
57s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2023 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NPE.exe
Size

16.2MB
MD5

ddfc82cf4eab81965e3ec8ca8915b00a
SHA1

1e5b94be6922e6198afe39a7fc695db291bffcf6
SHA256

4819d87fe9d0d0485fe85a3843a3e3ecd61ebe50a115dad01ec10275272be82a
SHA512

ac08fa6aa1e55a653ad48305bf19c346d0a82a30830ae5b8c84d557e44c57511e39c68deb786044481074fb694d3827f66cb66862ac52fb4437663e82d64ba42
SSDEEP

196608:dm9mJUAMfMvgTz2ENNFV8pYrqNpEdYo1NTXPJb:sCMfMQz2Ev8+rqNp1yXPJb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4984	NPE.exe
4984	NPE.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4984	NPE.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4984	NPE.exe

C:\Users\Admin\AppData\Local\Temp\NPE.exe
"C:\Users\Admin\AppData\Local\Temp\NPE.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Norton\NPE\NPEsettings.dat

Filesize
2KB

MD5
71ebdb1bb42d3465083db7d1514180c2

SHA1
67bc222df3561e0531511136bc0c76239e049473

SHA256
a0daf612f83fb196060b7d7b20311485f27185f8676bfd1f958eeea3cd1ea580

SHA512
bf55ab284a0cae45e7f2db2e9f65ea1479593a6236cbf5e48806097b3dc15083bb9bf75430756c20b17dd8b456fd00cf63036b3428f05e27d18982c81af81d57

Download Submit
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

Filesize
157B

MD5
cbb49b534d485057fd8645a457b6f390

SHA1
e2b12740ffd5a406ab996efcf7f63af5234e7668

SHA256
21a00d6a2b56e10836a8a2b9eca545704a54ad960eb88f6ce63b1c6ab77ff5e7

SHA512
86a63d2d8411ae28b44228487a55c736a6b69e3915f81e8a15619014cde394e5150d2e822f7f637420b0ed953464e28f576eca479b09fd02d6e0fc8675a4d987

Download Submit
C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

Filesize
2KB

MD5
2455d5fb4fe308378edc45bf6ca1f77d

SHA1
c00e8aec2df0491da91a78f850403a7aba4dbefb

SHA256
994c5acbfcaa68ff669c18ec66c1901e5e7b25ca832cdda363f6e93ba548633c

SHA512
b6f3593bebcef56bbc850e9197d4a36873600fc1c25e020f14ab9e39fea533fd9f0635ed6715366ccdb999eb946e3ffb00b47fc1f84e1c2e8d5a38dbc8503921

Download Submit
C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

Filesize
5KB

MD5
73ef54e5e01897a0519856bb2ce12a0b

SHA1
330d50006fc43bb302a9c6dcdf1f105a3f8611bf

SHA256
fff35e9fc5ce2c5c027d2bf61880bf0c741f0d0056c905a5f48214d60919fafe

SHA512
88069c0479ed164f36e813806f46d8b98c0964ad8c69eefc2173fd4d063f04eea47d0c518dd4c201ad6a27b03219ff8cce92f89b3699f7b6e8809ede7a2c10c7

Download Submit