Analysis
-
max time kernel
88s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:40
General
-
Target
NEAS.cce0df70e0982c3c85603f65cf405d60.exe
-
Size
404KB
-
MD5
cce0df70e0982c3c85603f65cf405d60
-
SHA1
352fe6b3736129d9d98483863b2b404679eaaa09
-
SHA256
6d7b622d95a7ae826fb508866602bd64108403e536d08a2eac042a078627a3f9
-
SHA512
a7e5f985eace309ce284d54fbef80bb5bef280a7443582ec92606f52014a186533726abf77179cd3c58c27c648c16f26838aa6180f932a57c050961307530d9e
-
SSDEEP
12288:dCVzUdIMwcMpV6yYP4rbpV6yYPg058KS:dC+d1wcMW4XWleKS
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.cce0df70e0982c3c85603f65cf405d60.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.cce0df70e0982c3c85603f65cf405d60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipoopgnf.exeC:\Windows\system32\Ipoopgnf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jgkdbacp.exeC:\Windows\system32\Jgkdbacp.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jgnqgqan.exeC:\Windows\system32\Jgnqgqan.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jddnfd32.exeC:\Windows\system32\Jddnfd32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjhloj32.exeC:\Windows\system32\Kjhloj32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmieae32.exeC:\Windows\system32\Kmieae32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kqfngd32.exeC:\Windows\system32\Kqfngd32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnjnqh32.exeC:\Windows\system32\Lnjnqh32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmpkadnm.exeC:\Windows\system32\Lmpkadnm.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnohlgep.exeC:\Windows\system32\Lnohlgep.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnadagbm.exeC:\Windows\system32\Lnadagbm.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lqbncb32.exeC:\Windows\system32\Lqbncb32.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maggnali.exeC:\Windows\system32\Maggnali.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahdged32.exeC:\Windows\system32\Ahdged32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adndoe32.exeC:\Windows\system32\Adndoe32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bemqih32.exeC:\Windows\system32\Bemqih32.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bepmoh32.exeC:\Windows\system32\Bepmoh32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bedgjgkg.exeC:\Windows\system32\Bedgjgkg.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bheplb32.exeC:\Windows\system32\Bheplb32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdlqqcnl.exeC:\Windows\system32\Cdlqqcnl.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Cbpajgmf.exeC:\Windows\system32\Cbpajgmf.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdpjlb32.exeC:\Windows\system32\Cdpjlb32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cohkokgj.exeC:\Windows\system32\Cohkokgj.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhclmp32.exeC:\Windows\system32\Dhclmp32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmadco32.exeC:\Windows\system32\Dmadco32.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ddligq32.exeC:\Windows\system32\Ddligq32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkhnjk32.exeC:\Windows\system32\Dkhnjk32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eofgpikj.exeC:\Windows\system32\Eofgpikj.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eeelnp32.exeC:\Windows\system32\Eeelnp32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emoadlfo.exeC:\Windows\system32\Emoadlfo.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efgemb32.exeC:\Windows\system32\Efgemb32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbpchb32.exeC:\Windows\system32\Fbpchb32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmfgek32.exeC:\Windows\system32\Fmfgek32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fimhjl32.exeC:\Windows\system32\Fimhjl32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbelcblk.exeC:\Windows\system32\Fbelcblk.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffceip32.exeC:\Windows\system32\Ffceip32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gehbjm32.exeC:\Windows\system32\Gehbjm32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gejopl32.exeC:\Windows\system32\Gejopl32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glgcbf32.exeC:\Windows\system32\Glgcbf32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gflhoo32.exeC:\Windows\system32\Gflhoo32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpelhd32.exeC:\Windows\system32\Gpelhd32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Geaepk32.exeC:\Windows\system32\Geaepk32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpgind32.exeC:\Windows\system32\Gpgind32.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hmkigh32.exeC:\Windows\system32\Hmkigh32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hfcnpn32.exeC:\Windows\system32\Hfcnpn32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hlpfhe32.exeC:\Windows\system32\Hlpfhe32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hehkajig.exeC:\Windows\system32\Hehkajig.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hoaojp32.exeC:\Windows\system32\Hoaojp32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmbphg32.exeC:\Windows\system32\Hmbphg32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hemdlj32.exeC:\Windows\system32\Hemdlj32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpchib32.exeC:\Windows\system32\Hpchib32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iikmbh32.exeC:\Windows\system32\Iikmbh32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ipgbdbqb.exeC:\Windows\system32\Ipgbdbqb.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iipfmggc.exeC:\Windows\system32\Iipfmggc.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iomoenej.exeC:\Windows\system32\Iomoenej.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iibccgep.exeC:\Windows\system32\Iibccgep.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioolkncg.exeC:\Windows\system32\Ioolkncg.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iidphgcn.exeC:\Windows\system32\Iidphgcn.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Joahqn32.exeC:\Windows\system32\Joahqn32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jiglnf32.exeC:\Windows\system32\Jiglnf32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jocefm32.exeC:\Windows\system32\Jocefm32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jlgepanl.exeC:\Windows\system32\Jlgepanl.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jepjhg32.exeC:\Windows\system32\Jepjhg32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Johnamkm.exeC:\Windows\system32\Johnamkm.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jinboekc.exeC:\Windows\system32\Jinboekc.exe45⤵
-
C:\Windows\SysWOW64\Jcfggkac.exeC:\Windows\system32\Jcfggkac.exe46⤵
-
C:\Windows\SysWOW64\Kpjgaoqm.exeC:\Windows\system32\Kpjgaoqm.exe47⤵
-
C:\Windows\SysWOW64\Kegpifod.exeC:\Windows\system32\Kegpifod.exe48⤵
-
C:\Windows\SysWOW64\Kckqbj32.exeC:\Windows\system32\Kckqbj32.exe49⤵
-
C:\Windows\SysWOW64\Kpoalo32.exeC:\Windows\system32\Kpoalo32.exe50⤵
-
C:\Windows\SysWOW64\Kgiiiidd.exeC:\Windows\system32\Kgiiiidd.exe51⤵
-
C:\Windows\SysWOW64\Kgkfnh32.exeC:\Windows\system32\Kgkfnh32.exe52⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpcjgnhb.exeC:\Windows\system32\Kpcjgnhb.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lljklo32.exeC:\Windows\system32\Lljklo32.exe54⤵
-
C:\Windows\SysWOW64\Lfbped32.exeC:\Windows\system32\Lfbped32.exe55⤵
-
C:\Windows\SysWOW64\Lokdnjkg.exeC:\Windows\system32\Lokdnjkg.exe56⤵
-
C:\Windows\SysWOW64\Lfeljd32.exeC:\Windows\system32\Lfeljd32.exe57⤵
-
C:\Windows\SysWOW64\Lgdidgjg.exeC:\Windows\system32\Lgdidgjg.exe58⤵
-
C:\Windows\SysWOW64\Lqmmmmph.exeC:\Windows\system32\Lqmmmmph.exe59⤵
-
C:\Windows\SysWOW64\Lnangaoa.exeC:\Windows\system32\Lnangaoa.exe60⤵
-
C:\Windows\SysWOW64\Lcnfohmi.exeC:\Windows\system32\Lcnfohmi.exe61⤵
-
C:\Windows\SysWOW64\Mqafhl32.exeC:\Windows\system32\Mqafhl32.exe62⤵
-
C:\Windows\SysWOW64\Mfnoqc32.exeC:\Windows\system32\Mfnoqc32.exe63⤵
-
C:\Windows\SysWOW64\Mcbpjg32.exeC:\Windows\system32\Mcbpjg32.exe64⤵
-
C:\Windows\SysWOW64\Mmkdcm32.exeC:\Windows\system32\Mmkdcm32.exe65⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mnjqmpgg.exeC:\Windows\system32\Mnjqmpgg.exe66⤵
-
C:\Windows\SysWOW64\Mfeeabda.exeC:\Windows\system32\Mfeeabda.exe67⤵
-
C:\Windows\SysWOW64\Mqkiok32.exeC:\Windows\system32\Mqkiok32.exe68⤵
-
C:\Windows\SysWOW64\Mfhbga32.exeC:\Windows\system32\Mfhbga32.exe69⤵
-
C:\Windows\SysWOW64\Nmbjcljl.exeC:\Windows\system32\Nmbjcljl.exe70⤵
-
C:\Windows\SysWOW64\Njfkmphe.exeC:\Windows\system32\Njfkmphe.exe71⤵
-
C:\Windows\SysWOW64\Nqpcjj32.exeC:\Windows\system32\Nqpcjj32.exe72⤵
-
C:\Windows\SysWOW64\Njhgbp32.exeC:\Windows\system32\Njhgbp32.exe73⤵
-
C:\Windows\SysWOW64\Nglhld32.exeC:\Windows\system32\Nglhld32.exe74⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ncchae32.exeC:\Windows\system32\Ncchae32.exe75⤵
-
C:\Windows\SysWOW64\Nagiji32.exeC:\Windows\system32\Nagiji32.exe76⤵
-
C:\Windows\SysWOW64\Omnjojpo.exeC:\Windows\system32\Omnjojpo.exe77⤵
-
C:\Windows\SysWOW64\Oplfkeob.exeC:\Windows\system32\Oplfkeob.exe78⤵
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe79⤵
-
C:\Windows\SysWOW64\Onocomdo.exeC:\Windows\system32\Onocomdo.exe80⤵
-
C:\Windows\SysWOW64\Omdppiif.exeC:\Windows\system32\Omdppiif.exe81⤵
-
C:\Windows\SysWOW64\Pdmdnadc.exeC:\Windows\system32\Pdmdnadc.exe82⤵
-
C:\Windows\SysWOW64\Qjfmkk32.exeC:\Windows\system32\Qjfmkk32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qpcecb32.exeC:\Windows\system32\Qpcecb32.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qodeajbg.exeC:\Windows\system32\Qodeajbg.exe85⤵
-
C:\Windows\SysWOW64\Qdaniq32.exeC:\Windows\system32\Qdaniq32.exe86⤵
-
C:\Windows\SysWOW64\Akkffkhk.exeC:\Windows\system32\Akkffkhk.exe87⤵
-
C:\Windows\SysWOW64\Aaenbd32.exeC:\Windows\system32\Aaenbd32.exe88⤵
-
C:\Windows\SysWOW64\Ahofoogd.exeC:\Windows\system32\Ahofoogd.exe89⤵
-
C:\Windows\SysWOW64\Aagkhd32.exeC:\Windows\system32\Aagkhd32.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Amnlme32.exeC:\Windows\system32\Amnlme32.exe91⤵
-
C:\Windows\SysWOW64\Akblfj32.exeC:\Windows\system32\Akblfj32.exe92⤵
-
C:\Windows\SysWOW64\Apodoq32.exeC:\Windows\system32\Apodoq32.exe93⤵
-
C:\Windows\SysWOW64\Aopemh32.exeC:\Windows\system32\Aopemh32.exe94⤵
-
C:\Windows\SysWOW64\Bhhiemoj.exeC:\Windows\system32\Bhhiemoj.exe95⤵
-
C:\Windows\SysWOW64\Baannc32.exeC:\Windows\system32\Baannc32.exe96⤵
-
C:\Windows\SysWOW64\Bkibgh32.exeC:\Windows\system32\Bkibgh32.exe97⤵
-
C:\Windows\SysWOW64\Bgpcliao.exeC:\Windows\system32\Bgpcliao.exe98⤵
-
C:\Windows\SysWOW64\Bmjkic32.exeC:\Windows\system32\Bmjkic32.exe99⤵
-
C:\Windows\SysWOW64\Bnlhncgi.exeC:\Windows\system32\Bnlhncgi.exe100⤵
-
C:\Windows\SysWOW64\Bkphhgfc.exeC:\Windows\system32\Bkphhgfc.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cpmapodj.exeC:\Windows\system32\Cpmapodj.exe102⤵
-
C:\Windows\SysWOW64\Ckbemgcp.exeC:\Windows\system32\Ckbemgcp.exe103⤵
-
C:\Windows\SysWOW64\Chfegk32.exeC:\Windows\system32\Chfegk32.exe104⤵
-
C:\Windows\SysWOW64\Chiblk32.exeC:\Windows\system32\Chiblk32.exe105⤵
-
C:\Windows\SysWOW64\Cocjiehd.exeC:\Windows\system32\Cocjiehd.exe106⤵
-
C:\Windows\SysWOW64\Cdpcal32.exeC:\Windows\system32\Cdpcal32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Coegoe32.exeC:\Windows\system32\Coegoe32.exe108⤵
-
C:\Windows\SysWOW64\Chnlgjlb.exeC:\Windows\system32\Chnlgjlb.exe109⤵
-
C:\Windows\SysWOW64\Dafppp32.exeC:\Windows\system32\Dafppp32.exe110⤵
-
C:\Windows\SysWOW64\Dgcihgaj.exeC:\Windows\system32\Dgcihgaj.exe111⤵
-
C:\Windows\SysWOW64\Dpkmal32.exeC:\Windows\system32\Dpkmal32.exe112⤵
-
C:\Windows\SysWOW64\Dolmodpi.exeC:\Windows\system32\Dolmodpi.exe113⤵
-
C:\Windows\SysWOW64\Dqnjgl32.exeC:\Windows\system32\Dqnjgl32.exe114⤵
-
C:\Windows\SysWOW64\Doojec32.exeC:\Windows\system32\Doojec32.exe115⤵
-
C:\Windows\SysWOW64\Ddkbmj32.exeC:\Windows\system32\Ddkbmj32.exe116⤵
-
C:\Windows\SysWOW64\Dndgfpbo.exeC:\Windows\system32\Dndgfpbo.exe117⤵
-
C:\Windows\SysWOW64\Dhikci32.exeC:\Windows\system32\Dhikci32.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ebaplnie.exeC:\Windows\system32\Ebaplnie.exe119⤵
-
C:\Windows\SysWOW64\Egohdegl.exeC:\Windows\system32\Egohdegl.exe120⤵
-
C:\Windows\SysWOW64\Enhpao32.exeC:\Windows\system32\Enhpao32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-