23446d35d70a344f42701ed89f6f717765693b4c032b3c431f721681637c6232

Analysis

max time kernel
221s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6a3758f823d437dc09da62247891bba0.exe
Size

280KB
MD5

6a3758f823d437dc09da62247891bba0
SHA1

19ed121a1bef11a2a41dbe92e283e25227264ec6
SHA256

23446d35d70a344f42701ed89f6f717765693b4c032b3c431f721681637c6232
SHA512

7fb1895326cd1a12fd6923606a59a41079002586d0009da4356d52f2e8faecabc226bf93360ae95e36492f98e51c6c0e6bf331c421adbad6a0579f48039391aa
SSDEEP

6144:031LitMYo5TTVFjS7QYbZskaI6AIdA+RnDPynGU6+fix:031O+xTTVFqQerp6AADoGU6+fix

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3960	cpuirzc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\cpuirzc.exe	NEAS.6a3758f823d437dc09da62247891bba0.exe
File created	C:\PROGRA~3\Mozilla\kfofaem.dll	cpuirzc.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6a3758f823d437dc09da62247891bba0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6a3758f823d437dc09da62247891bba0.exe"
1⤵
- Drops file in Program Files directory
PID:3684

C:\PROGRA~3\Mozilla\cpuirzc.exe
C:\PROGRA~3\Mozilla\cpuirzc.exe -yyraenb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\cpuirzc.exe

Filesize
280KB

MD5
c8fb40a0f9b3c10cd7b093465055ff38

SHA1
287e3780ce42e77a68548deae5fda72dfa5b18c6

SHA256
5dd8077e29252adbf95d5248aeedba2e51b5a888a578d3d5061763c4e4a08c05

SHA512
bf37f32393bc450b1017a59974785ef9813650afd9d22e5a9d1f24af0cddd618afc5bf17d2cd1a32f0e7b51b43643fa82a2f0f8471fa0a7c08ee5d727ca7b38e

Download Submit
C:\ProgramData\Mozilla\cpuirzc.exe

Filesize
280KB

MD5
c8fb40a0f9b3c10cd7b093465055ff38

SHA1
287e3780ce42e77a68548deae5fda72dfa5b18c6

SHA256
5dd8077e29252adbf95d5248aeedba2e51b5a888a578d3d5061763c4e4a08c05

SHA512
bf37f32393bc450b1017a59974785ef9813650afd9d22e5a9d1f24af0cddd618afc5bf17d2cd1a32f0e7b51b43643fa82a2f0f8471fa0a7c08ee5d727ca7b38e

Download Submit
memory/3684-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3684-1-0x00000000020A0000-0x00000000020FB000-memory.dmp

Filesize
364KB

Download
memory/3684-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3684-4-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3684-5-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3960-9-0x0000000000730000-0x000000000078B000-memory.dmp

Filesize
364KB

Download
memory/3960-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3960-12-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3960-14-0x0000000000730000-0x000000000078B000-memory.dmp

Filesize
364KB

Download