2a580c410812903035ff3eaa669019bd9d296f2811f18535c8e0860b1ae5afbf

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe
Size

248KB
MD5

0a344b87e03cea1fae6608215ec69df0
SHA1

5dcf8ca7b746427bab5160148db44de5ee93c568
SHA256

2a580c410812903035ff3eaa669019bd9d296f2811f18535c8e0860b1ae5afbf
SHA512

68824930630430ff94db525aa4357c197753f60055413bfc58ff6db10d20b9d89d97dcf42c2ae04af96eb0e1959e1ef98dcd814cfb2fcf7410481b531c69995f
SSDEEP

6144:TCm/I2Ns9ZsHQB8WFBVx1M27xLWNbGUMdZ/yTUemkcOZ:2mg2NsdBtBVU2I8vdZKCa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4632	8712.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libGLESv2.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL	8712.tmp
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso30win32client.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OLKFSTUB.DLL	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolui.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLL	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso50win32client.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\SystemX86\mfc140.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d	8712.tmp
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	8712.tmp
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolap.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\SystemX86\mfc140u.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLL	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\concrt140.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api	8712.tmp
File opened for modification	C:\Program Files\7-Zip\7z.sfx	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ONNXRuntime-0.5.X.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\PortalConnectCore.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll	8712.tmp
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MeetingJoinAxOC.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api	8712.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api	8712.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 4632	3368	NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe	87
PID 3368 wrote to memory of 4632	3368	NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe	87
PID 3368 wrote to memory of 4632	3368	NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0a344b87e03cea1fae6608215ec69df0_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Users\Admin\AppData\Local\Temp\8712.tmp
  C:\Users\Admin\AppData\Local\Temp\8712.tmp
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8712.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
C:\Users\Admin\AppData\Local\Temp\8712.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
memory/3368-1-0x0000000000610000-0x0000000000648000-memory.dmp

Filesize
224KB

Download
memory/3368-0-0x0000000000610000-0x0000000000648000-memory.dmp

Filesize
224KB

Download
memory/3368-2-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3368-13-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads