Analysis
-
max time kernel
141s -
max time network
172s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13-10-2023 19:43
General
-
Target
NEAS.NEASd705438fb4c12a6a8340cee8eda2e9a7exe.exe
-
Size
67KB
-
MD5
d705438fb4c12a6a8340cee8eda2e9a7
-
SHA1
01cee0d45616ce9982457e10b8ce5b8252304b81
-
SHA256
69c235cfad3acd7688ee03178e1b30a3cba780ebde800a58253d8e39f6e1f674
-
SHA512
9142ca6d102285a7e093601daaba15db59095c48377e8e5cf340d581b55cde2c92be36a85fec747499e753ff9500397466b33ec818d254bcc59e17992dbd8d68
-
SSDEEP
1536:x0VKYRFYB5r3m+j/Dz7V6dPfoXLFcuesJifTduD4oTxw:2FYjrWenV6dPffuesJibdMTxw
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.NEASd705438fb4c12a6a8340cee8eda2e9a7exe.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASd705438fb4c12a6a8340cee8eda2e9a7exe.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Camddhoi.exeC:\Windows\system32\Camddhoi.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dhclmp32.exeC:\Windows\system32\Dhclmp32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dndnpf32.exeC:\Windows\system32\Dndnpf32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbbffdlq.exeC:\Windows\system32\Dbbffdlq.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebgpad32.exeC:\Windows\system32\Ebgpad32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emanjldl.exeC:\Windows\system32\Emanjldl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fmfgek32.exeC:\Windows\system32\Fmfgek32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpkibf32.exeC:\Windows\system32\Fpkibf32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gppcmeem.exeC:\Windows\system32\Gppcmeem.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hedafk32.exeC:\Windows\system32\Hedafk32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hoobdp32.exeC:\Windows\system32\Hoobdp32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hlepcdoa.exeC:\Windows\system32\Hlepcdoa.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hmdlmg32.exeC:\Windows\system32\Hmdlmg32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipjoja32.exeC:\Windows\system32\Ipjoja32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ieidhh32.exeC:\Windows\system32\Ieidhh32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Jcoaglhk.exeC:\Windows\system32\Jcoaglhk.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jofalmmp.exeC:\Windows\system32\Jofalmmp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jgbchj32.exeC:\Windows\system32\Jgbchj32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Koodbl32.exeC:\Windows\system32\Koodbl32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kpanan32.exeC:\Windows\system32\Kpanan32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjlopc32.exeC:\Windows\system32\Kjlopc32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lflbkcll.exeC:\Windows\system32\Lflbkcll.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfqlfb32.exeC:\Windows\system32\Mfqlfb32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgbefe32.exeC:\Windows\system32\Mgbefe32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nqmfdj32.exeC:\Windows\system32\Nqmfdj32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmfcok32.exeC:\Windows\system32\Nmfcok32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocgbld32.exeC:\Windows\system32\Ocgbld32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojhpimhp.exeC:\Windows\system32\Ojhpimhp.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmlfqh32.exeC:\Windows\system32\Pmlfqh32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmpolgoi.exeC:\Windows\system32\Pmpolgoi.exe16⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Agdcpkll.exeC:\Windows\system32\Agdcpkll.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdmmeo32.exeC:\Windows\system32\Bdmmeo32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpmapodj.exeC:\Windows\system32\Cpmapodj.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cogddd32.exeC:\Windows\system32\Cogddd32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dakikoom.exeC:\Windows\system32\Dakikoom.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eohmkb32.exeC:\Windows\system32\Eohmkb32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egened32.exeC:\Windows\system32\Egened32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqbliicp.exeC:\Windows\system32\Fqbliicp.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnnccl32.exeC:\Windows\system32\Gnnccl32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gihpkd32.exeC:\Windows\system32\Gihpkd32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gaebef32.exeC:\Windows\system32\Gaebef32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hecjke32.exeC:\Windows\system32\Hecjke32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnnljj32.exeC:\Windows\system32\Hnnljj32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbnaeh32.exeC:\Windows\system32\Hbnaeh32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iacngdgj.exeC:\Windows\system32\Iacngdgj.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihpcinld.exeC:\Windows\system32\Ihpcinld.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilphdlqh.exeC:\Windows\system32\Ilphdlqh.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jppnpjel.exeC:\Windows\system32\Jppnpjel.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Joekag32.exeC:\Windows\system32\Joekag32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kiphjo32.exeC:\Windows\system32\Kiphjo32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klekfinp.exeC:\Windows\system32\Klekfinp.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpepbgbd.exeC:\Windows\system32\Lpepbgbd.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Loofnccf.exeC:\Windows\system32\Loofnccf.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjggal32.exeC:\Windows\system32\Mjggal32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Modpib32.exeC:\Windows\system32\Modpib32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjnnbk32.exeC:\Windows\system32\Mjnnbk32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfihbk32.exeC:\Windows\system32\Nfihbk32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfnamjhk.exeC:\Windows\system32\Nfnamjhk.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omopjcjp.exeC:\Windows\system32\Omopjcjp.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oihmedma.exeC:\Windows\system32\Oihmedma.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcbkml32.exeC:\Windows\system32\Pcbkml32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pjaleemj.exeC:\Windows\system32\Pjaleemj.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qfmfefni.exeC:\Windows\system32\Qfmfefni.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adepji32.exeC:\Windows\system32\Adepji32.exe50⤵
-
C:\Windows\SysWOW64\Aaiqcnhg.exeC:\Windows\system32\Aaiqcnhg.exe51⤵
-
C:\Windows\SysWOW64\Bpqjjjjl.exeC:\Windows\system32\Bpqjjjjl.exe52⤵
-
C:\Windows\SysWOW64\Cpljehpo.exeC:\Windows\system32\Cpljehpo.exe53⤵
-
C:\Windows\SysWOW64\Caqpkjcl.exeC:\Windows\system32\Caqpkjcl.exe54⤵
-
C:\Windows\SysWOW64\Fggdpnkf.exeC:\Windows\system32\Fggdpnkf.exe55⤵
-
C:\Windows\SysWOW64\Gkcigjel.exeC:\Windows\system32\Gkcigjel.exe56⤵
-
C:\Windows\SysWOW64\Hnkhjdle.exeC:\Windows\system32\Hnkhjdle.exe57⤵
-
C:\Windows\SysWOW64\Hkohchko.exeC:\Windows\system32\Hkohchko.exe58⤵
-
C:\Windows\SysWOW64\Hcljmj32.exeC:\Windows\system32\Hcljmj32.exe59⤵
-
C:\Windows\SysWOW64\Ieqpbm32.exeC:\Windows\system32\Ieqpbm32.exe60⤵
-
C:\Windows\SysWOW64\Janghmia.exeC:\Windows\system32\Janghmia.exe61⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khabke32.exeC:\Windows\system32\Khabke32.exe62⤵
-
C:\Windows\SysWOW64\Kejloi32.exeC:\Windows\system32\Kejloi32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kkgdhp32.exeC:\Windows\system32\Kkgdhp32.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lbebilli.exeC:\Windows\system32\Lbebilli.exe65⤵
-
C:\Windows\SysWOW64\Llngbabj.exeC:\Windows\system32\Llngbabj.exe66⤵
-
C:\Windows\SysWOW64\Mlbpma32.exeC:\Windows\system32\Mlbpma32.exe67⤵
-
C:\Windows\SysWOW64\Mdpagc32.exeC:\Windows\system32\Mdpagc32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mcabej32.exeC:\Windows\system32\Mcabej32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nakhaf32.exeC:\Windows\system32\Nakhaf32.exe70⤵
-
C:\Windows\SysWOW64\Namegfql.exeC:\Windows\system32\Namegfql.exe71⤵
-
C:\Windows\SysWOW64\Ofbdncaj.exeC:\Windows\system32\Ofbdncaj.exe72⤵
-
C:\Windows\SysWOW64\Obpkcc32.exeC:\Windows\system32\Obpkcc32.exe73⤵
-
C:\Windows\SysWOW64\Qckfid32.exeC:\Windows\system32\Qckfid32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qcncodki.exeC:\Windows\system32\Qcncodki.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Apddce32.exeC:\Windows\system32\Apddce32.exe76⤵
-
C:\Windows\SysWOW64\Aealll32.exeC:\Windows\system32\Aealll32.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Alkeifga.exeC:\Windows\system32\Alkeifga.exe78⤵
-
C:\Windows\SysWOW64\Aecialmb.exeC:\Windows\system32\Aecialmb.exe79⤵
-
C:\Windows\SysWOW64\Almanf32.exeC:\Windows\system32\Almanf32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe81⤵
-
C:\Windows\SysWOW64\Afeban32.exeC:\Windows\system32\Afeban32.exe82⤵
-
C:\Windows\SysWOW64\Bldgoeog.exeC:\Windows\system32\Bldgoeog.exe83⤵
-
C:\Windows\SysWOW64\Bfjllnnm.exeC:\Windows\system32\Bfjllnnm.exe84⤵
-
C:\Windows\SysWOW64\Blgddd32.exeC:\Windows\system32\Blgddd32.exe85⤵
-
C:\Windows\SysWOW64\Bikeni32.exeC:\Windows\system32\Bikeni32.exe86⤵
-
C:\Windows\SysWOW64\Bpemkcck.exeC:\Windows\system32\Bpemkcck.exe87⤵
-
C:\Windows\SysWOW64\Bfoegm32.exeC:\Windows\system32\Bfoegm32.exe88⤵
-
C:\Windows\SysWOW64\Blknpdho.exeC:\Windows\system32\Blknpdho.exe89⤵
-
C:\Windows\SysWOW64\Bmkjig32.exeC:\Windows\system32\Bmkjig32.exe90⤵
-
C:\Windows\SysWOW64\Cibkohef.exeC:\Windows\system32\Cibkohef.exe91⤵
-
C:\Windows\SysWOW64\Cbjogmlf.exeC:\Windows\system32\Cbjogmlf.exe92⤵
-
C:\Windows\SysWOW64\Clbdpc32.exeC:\Windows\system32\Clbdpc32.exe93⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cekhihig.exeC:\Windows\system32\Cekhihig.exe94⤵
-
C:\Windows\SysWOW64\Cpqlfa32.exeC:\Windows\system32\Cpqlfa32.exe95⤵
-
C:\Windows\SysWOW64\Ciiaogon.exeC:\Windows\system32\Ciiaogon.exe96⤵
-
C:\Windows\SysWOW64\Clijablo.exeC:\Windows\system32\Clijablo.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dllffa32.exeC:\Windows\system32\Dllffa32.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dedkogqm.exeC:\Windows\system32\Dedkogqm.exe99⤵
-
C:\Windows\SysWOW64\Dmnpfd32.exeC:\Windows\system32\Dmnpfd32.exe100⤵
-
C:\Windows\SysWOW64\Ijfkpnji.exeC:\Windows\system32\Ijfkpnji.exe101⤵
-
C:\Windows\SysWOW64\Infqklol.exeC:\Windows\system32\Infqklol.exe102⤵
-
C:\Windows\SysWOW64\Igneda32.exeC:\Windows\system32\Igneda32.exe103⤵
-
C:\Windows\SysWOW64\Ifcben32.exeC:\Windows\system32\Ifcben32.exe104⤵
-
C:\Windows\SysWOW64\Iaifbg32.exeC:\Windows\system32\Iaifbg32.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jgcooaah.exeC:\Windows\system32\Jgcooaah.exe106⤵
-
C:\Windows\SysWOW64\Jmpgghoo.exeC:\Windows\system32\Jmpgghoo.exe107⤵
-
C:\Windows\SysWOW64\Jcjodbgl.exeC:\Windows\system32\Jcjodbgl.exe108⤵
-
C:\Windows\SysWOW64\Jnocakfb.exeC:\Windows\system32\Jnocakfb.exe109⤵
-
C:\Windows\SysWOW64\Jclljaei.exeC:\Windows\system32\Jclljaei.exe110⤵
-
C:\Windows\SysWOW64\Kmlgcf32.exeC:\Windows\system32\Kmlgcf32.exe111⤵
-
C:\Windows\SysWOW64\Khakqo32.exeC:\Windows\system32\Khakqo32.exe112⤵
-
C:\Windows\SysWOW64\Kfidgk32.exeC:\Windows\system32\Kfidgk32.exe113⤵
-
C:\Windows\SysWOW64\Kanidd32.exeC:\Windows\system32\Kanidd32.exe114⤵
-
C:\Windows\SysWOW64\Kfkamk32.exeC:\Windows\system32\Kfkamk32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmeiie32.exeC:\Windows\system32\Kmeiie32.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lhjnfn32.exeC:\Windows\system32\Lhjnfn32.exe117⤵
-
C:\Windows\SysWOW64\Loiong32.exeC:\Windows\system32\Loiong32.exe118⤵
-
C:\Windows\SysWOW64\Lhadgmge.exeC:\Windows\system32\Lhadgmge.exe119⤵
-
C:\Windows\SysWOW64\Mdkabmjf.exeC:\Windows\system32\Mdkabmjf.exe120⤵
-
C:\Windows\SysWOW64\Mhhjhlqm.exeC:\Windows\system32\Mhhjhlqm.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-