21f99d0250abf123d64b1dc4b30438604a458bbf78c20af8e9e39bc91a669b3b

Analysis

max time kernel
178s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Size

320KB
MD5

7cb1d23282737104d5a28dcb22d5c3c0
SHA1

16ca7460bbec02fcd0b18118eddf7829a7f5abf3
SHA256

21f99d0250abf123d64b1dc4b30438604a458bbf78c20af8e9e39bc91a669b3b
SHA512

844cec4de04324c10bdbb5d8661b007ce20c6271209729e44a7cf2d3bfbdc622c40f421c1ac2d15879b028a1bc2fd1257c2faae495a199d670b2d0360080e33a
SSDEEP

6144:JG59uH2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:JG5u2EB0NxDIBuOFe7/uT

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 58 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\GetMove.mhtml	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\README.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\jtlnctqk.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bklnbknw.exe	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\Welcome.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\ = "skcbbvxtrbjntjhe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\bklnbknw.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\jtlnctqk.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{930C0BFD-FE59-8B5C-23DE-8F7D6ACC65CC}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{930C0BFD-FE59-8B5C-23DE-8F7D6ACC65CC}\ = "rsqqrthjtkxbsclx"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "vshbjjllkrtjjbbl"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\ = "rtkksvlhqnsllcww"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{930C0BFD-FE59-8B5C-23DE-8F7D6ACC65CC}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{930C0BFD-FE59-8B5C-23DE-8F7D6ACC65CC}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "wvllsnjbcjqsrswr"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "hnretcwxstsekhlk"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "nkwqkrlktqebwwre"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "jljrestsenkbcttb"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "kwetelkbjwtlckhz"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}	NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7cb1d23282737104d5a28dcb22d5c3c0.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3060-1-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-2-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-3-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-7-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-8-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-9-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-10-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-11-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-12-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-13-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-14-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-15-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-16-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-17-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-18-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-19-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-20-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-21-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-22-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-23-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-24-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-25-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-26-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-27-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-28-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-29-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-30-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-31-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-32-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-33-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-34-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-35-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-36-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-37-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-38-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-39-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-40-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-41-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-42-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-43-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-44-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-45-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-46-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-47-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-48-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-49-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-50-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-51-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-52-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-53-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-54-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-55-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-56-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-57-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-58-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-59-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-60-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-61-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-62-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-63-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-64-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-65-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-394-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3060-3250-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads