1de14a4c5def12562f271f900cd972e564f9b064c33499a2663006fbc3aefa25

Analysis

max time kernel
138s
max time network
161s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe
Size

360KB
MD5

ac841f1bbe4a4fc89be21c213ff37c50
SHA1

1ee6dd8bd9e4d9547ed17e22db4bb032d686377e
SHA256

1de14a4c5def12562f271f900cd972e564f9b064c33499a2663006fbc3aefa25
SHA512

680f11b8e787c744c7e0334f9a904fe50025278ef59ad9d3fe5732fcc5e9aa607ecaaff677fe00f2bb7ae0a867ddd6e5df5987b6548348d22e824acf90969904
SSDEEP

6144:5hqubAERRedLzVxwl0888U/Ob+50jFZ3mRV6OrCSy78cVhAbLYh:Pqu8oRedHVOl0888U/Oy5+26QiDD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2040	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe
2040	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2040	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2040	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe
2040	NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ac841f1bbe4a4fc89be21c213ff37c50.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\wee694E.tmp

Filesize
258KB

MD5
9225cd6a93a735e7561f0276ce9e6b9c

SHA1
79172d1ceba038b651bd31ca5e0f81070a6e5cf2

SHA256
38f980db7e6a55d8a7a1f4d7cc1cfd973a516dd25f3b4d6d969ca4b5b114a025

SHA512
d364a86a7fde64186684d390df3985032b6afb2fced95dd3bc42356f35465b04360933289392a2a249de1b0cab0d7c5666302e7c1db449534e5cb1a1db392a0e

Download Submit
\Users\Admin\AppData\Local\Temp\wee694E.tmp

Filesize
258KB

MD5
9225cd6a93a735e7561f0276ce9e6b9c

SHA1
79172d1ceba038b651bd31ca5e0f81070a6e5cf2

SHA256
38f980db7e6a55d8a7a1f4d7cc1cfd973a516dd25f3b4d6d969ca4b5b114a025

SHA512
d364a86a7fde64186684d390df3985032b6afb2fced95dd3bc42356f35465b04360933289392a2a249de1b0cab0d7c5666302e7c1db449534e5cb1a1db392a0e

Download Submit
memory/2040-3-0x00000000749A0000-0x000000007508E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-2-0x0000000000470000-0x00000000004B6000-memory.dmp

Filesize
280KB

Download
memory/2040-4-0x0000000000C50000-0x0000000000C90000-memory.dmp

Filesize
256KB

Download
memory/2040-5-0x0000000000C50000-0x0000000000C90000-memory.dmp

Filesize
256KB

Download
memory/2040-6-0x0000000000C50000-0x0000000000C90000-memory.dmp

Filesize
256KB

Download
memory/2040-9-0x000000000C170000-0x000000000C916000-memory.dmp

Filesize
7.6MB

Download
memory/2040-17-0x00000000749A0000-0x000000007508E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-18-0x0000000000C50000-0x0000000000C90000-memory.dmp

Filesize
256KB

Download