Analysis
max time kernel
162s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
submitted
13-10-2023 20:34
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.a8183377f88070b5d7f06be1330eb010.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.a8183377f88070b5d7f06be1330eb010.exe
Resource
win10v2004-20230915-en
General
-
Target
NEAS.a8183377f88070b5d7f06be1330eb010.exe
-
Size
182KB
-
MD5
a8183377f88070b5d7f06be1330eb010
-
SHA1
4ad686f062683f5eaea3cbb2c923efba3c8c3025
-
SHA256
d3704e176ea8c6e8fbe65ad40da6504df7ead2a86b356ae56a5e7171e28dcb46
-
SHA512
f1fae69830fc207ac88379a784bc8463c2388eb0104c778407acd756768f90e9735e6e4d7fb378a32ee19a5b19618999ee27959c5422293e848066dce100dc13
-
SSDEEP
3072:2e+N8sceIO+wq4YuThkFcex8kD4wuitYpI0dZef0+7:2eBe2wsuThkKe81ppIwZef0+7
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
pid 1788, process osznrcg.exe
-
Drops file in Program Files directory 2 IoCs
File created C:\PROGRA~3\Mozilla\jxwnhac.dll (process: osznrcg.exe)
File created C:\PROGRA~3\Mozilla\osznrcg.exe (process: NEAS.a8183377f88070b5d7f06be1330eb010.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a8183377f88070b5d7f06be1330eb010.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a8183377f88070b5d7f06be1330eb010.exe"
- Drops file in Program Files directory
PID:3792
-
C:\PROGRA~3\Mozilla\osznrcg.exe
C:\PROGRA~3\Mozilla\osznrcg.exe -jeeiybc
- Executes dropped EXE
- Drops file in Program Files directory
PID:1788
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
182KB
MD5 12cc15523289e90893c82c3fa53f2450
SHA1 7f2d23c9defec4b6684215f3d0683186b11feb69
SHA256 30751746277b7c32fc8b01667cf2df571d929cbfc7271064b9e6c18d9a2aaa74
SHA512 1707b6caaa30c3000acffaf6fc41878c91209cb7873ba7981060bc9e7036c7acf2617dee7d6516c14d50a0376526a1e35dd6cb529ad2e74c4090ccb0de480c85