Analysis
-
max time kernel
171s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 13:06
General
-
Target
NEAS.138a2b0899b46e666e45f1813f2f1590_JC.exe
-
Size
60KB
-
MD5
138a2b0899b46e666e45f1813f2f1590
-
SHA1
59381dd83242b2ce7af9415244dc8658c58e3d13
-
SHA256
f0e014f5b11f706dcc77bd0e340b5c1c7d12300a241a19a936db8e77c2fe0caf
-
SHA512
8784fec01fdae74386a91d92718868ac2e1e28b073832964aecd5176baecc9da9c75fcc9d56fbea66e456bea5cf44fca813054e421fc56142c8767dfd0ba8c03
-
SSDEEP
1536:DBr1tMw8aG4hhbioamkXiyiDCKJpMlXWY7tNDB86l1r:WaG4XhaBXXiDCCMdWY7tNDB86l1r
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.138a2b0899b46e666e45f1813f2f1590_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.138a2b0899b46e666e45f1813f2f1590_JC.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdcmnfop.exeC:\Windows\system32\Mdcmnfop.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngklppei.exeC:\Windows\system32\Ngklppei.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Okbhlm32.exeC:\Windows\system32\Okbhlm32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pklkbl32.exeC:\Windows\system32\Pklkbl32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pafcofcg.exeC:\Windows\system32\Pafcofcg.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qajlje32.exeC:\Windows\system32\Qajlje32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aqdbfa32.exeC:\Windows\system32\Aqdbfa32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Anmmkd32.exeC:\Windows\system32\Anmmkd32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnaffdfc.exeC:\Windows\system32\Bnaffdfc.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgaqphgl.exeC:\Windows\system32\Cgaqphgl.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbfema32.exeC:\Windows\system32\Cbfema32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjfclcpg.exeC:\Windows\system32\Cjfclcpg.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnienqbi.exeC:\Windows\system32\Dnienqbi.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elaobdmm.exeC:\Windows\system32\Elaobdmm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enedio32.exeC:\Windows\system32\Enedio32.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eliecc32.exeC:\Windows\system32\Eliecc32.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fehplggn.exeC:\Windows\system32\Fehplggn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghpooanf.exeC:\Windows\system32\Ghpooanf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Golcak32.exeC:\Windows\system32\Golcak32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gaoihfoo.exeC:\Windows\system32\Gaoihfoo.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iheaqolo.exeC:\Windows\system32\Iheaqolo.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ileflmpb.exeC:\Windows\system32\Ileflmpb.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jkomhhae.exeC:\Windows\system32\Jkomhhae.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jbnopbdl.exeC:\Windows\system32\Jbnopbdl.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kiomnk32.exeC:\Windows\system32\Kiomnk32.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Llmbqdfb.exeC:\Windows\system32\Llmbqdfb.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjcljk32.exeC:\Windows\system32\Mjcljk32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfofjk32.exeC:\Windows\system32\Mfofjk32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndjldo32.exeC:\Windows\system32\Ndjldo32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odnfonag.exeC:\Windows\system32\Odnfonag.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Offeahhp.exeC:\Windows\system32\Offeahhp.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkigbfja.exeC:\Windows\system32\Pkigbfja.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Alcfpm32.exeC:\Windows\system32\Alcfpm32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acpkbf32.exeC:\Windows\system32\Acpkbf32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Almifk32.exeC:\Windows\system32\Almifk32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgicdc32.exeC:\Windows\system32\Bgicdc32.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cdbmifdl.exeC:\Windows\system32\Cdbmifdl.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cnjbbl32.exeC:\Windows\system32\Cnjbbl32.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cgbfka32.exeC:\Windows\system32\Cgbfka32.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdfgdf32.exeC:\Windows\system32\Cdfgdf32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dqbadf32.exeC:\Windows\system32\Dqbadf32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dklomnmf.exeC:\Windows\system32\Dklomnmf.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejfeij32.exeC:\Windows\system32\Ejfeij32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ecoiapdj.exeC:\Windows\system32\Ecoiapdj.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eljknl32.exeC:\Windows\system32\Eljknl32.exe46⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flodilma.exeC:\Windows\system32\Flodilma.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmejlcoj.exeC:\Windows\system32\Fmejlcoj.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjikeg32.exeC:\Windows\system32\Fjikeg32.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghadjkhh.exeC:\Windows\system32\Ghadjkhh.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmnmbbgp.exeC:\Windows\system32\Gmnmbbgp.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkggfe32.exeC:\Windows\system32\Hkggfe32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hoiihcde.exeC:\Windows\system32\Hoiihcde.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikbfbdgf.exeC:\Windows\system32\Ikbfbdgf.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikechced.exeC:\Windows\system32\Ikechced.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaokdn32.exeC:\Windows\system32\Iaokdn32.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jhbfgflc.exeC:\Windows\system32\Jhbfgflc.exe57⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kdeghfhj.exeC:\Windows\system32\Kdeghfhj.exe58⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kbigajfc.exeC:\Windows\system32\Kbigajfc.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbmqmi32.exeC:\Windows\system32\Lbmqmi32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhgiic32.exeC:\Windows\system32\Lhgiic32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Loaafnah.exeC:\Windows\system32\Loaafnah.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmeapbpa.exeC:\Windows\system32\Lmeapbpa.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Linojbdc.exeC:\Windows\system32\Linojbdc.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnggnh32.exeC:\Windows\system32\Mnggnh32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfchjddj.exeC:\Windows\system32\Nfchjddj.exe66⤵
-
C:\Windows\SysWOW64\Nicalpak.exeC:\Windows\system32\Nicalpak.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nldjnk32.exeC:\Windows\system32\Nldjnk32.exe68⤵
-
C:\Windows\SysWOW64\Opdpih32.exeC:\Windows\system32\Opdpih32.exe69⤵
-
C:\Windows\SysWOW64\Pidjcm32.exeC:\Windows\system32\Pidjcm32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Poqckdap.exeC:\Windows\system32\Poqckdap.exe71⤵
-
C:\Windows\SysWOW64\Peodcmeg.exeC:\Windows\system32\Peodcmeg.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pllieg32.exeC:\Windows\system32\Pllieg32.exe73⤵
-
C:\Windows\SysWOW64\Qbeaba32.exeC:\Windows\system32\Qbeaba32.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aochga32.exeC:\Windows\system32\Aochga32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aiimejap.exeC:\Windows\system32\Aiimejap.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bojohp32.exeC:\Windows\system32\Bojohp32.exe77⤵
-
C:\Windows\SysWOW64\Bjgifhep.exeC:\Windows\system32\Bjgifhep.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cgmfel32.exeC:\Windows\system32\Cgmfel32.exe79⤵
-
C:\Windows\SysWOW64\Ccipelcf.exeC:\Windows\system32\Ccipelcf.exe80⤵
-
C:\Windows\SysWOW64\Cjbhbf32.exeC:\Windows\system32\Cjbhbf32.exe81⤵
-
C:\Windows\SysWOW64\Cpmqoqbp.exeC:\Windows\system32\Cpmqoqbp.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cggikk32.exeC:\Windows\system32\Cggikk32.exe83⤵
-
C:\Windows\SysWOW64\Dnqaheai.exeC:\Windows\system32\Dnqaheai.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dobnpm32.exeC:\Windows\system32\Dobnpm32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmfpgmil.exeC:\Windows\system32\Gmfpgmil.exe86⤵
-
C:\Windows\SysWOW64\Ggldde32.exeC:\Windows\system32\Ggldde32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gnfmapqo.exeC:\Windows\system32\Gnfmapqo.exe88⤵
-
C:\Windows\SysWOW64\Hfhgfaha.exeC:\Windows\system32\Hfhgfaha.exe89⤵
-
C:\Windows\SysWOW64\Hdaajd32.exeC:\Windows\system32\Hdaajd32.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iajkohmj.exeC:\Windows\system32\Iajkohmj.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ihhmgaqb.exeC:\Windows\system32\Ihhmgaqb.exe92⤵
-
C:\Windows\SysWOW64\Laacmbkm.exeC:\Windows\system32\Laacmbkm.exe93⤵
-
C:\Windows\SysWOW64\Nbkojo32.exeC:\Windows\system32\Nbkojo32.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phhpic32.exeC:\Windows\system32\Phhpic32.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qajhigcj.exeC:\Windows\system32\Qajhigcj.exe96⤵
-
C:\Windows\SysWOW64\Aaoadg32.exeC:\Windows\system32\Aaoadg32.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbjmih32.exeC:\Windows\system32\Bbjmih32.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Blbabnbk.exeC:\Windows\system32\Blbabnbk.exe99⤵
-
C:\Windows\SysWOW64\Baojkdqb.exeC:\Windows\system32\Baojkdqb.exe100⤵
-
C:\Windows\SysWOW64\Blenhmph.exeC:\Windows\system32\Blenhmph.exe101⤵
-
C:\Windows\SysWOW64\Chbenm32.exeC:\Windows\system32\Chbenm32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Deiblamk.exeC:\Windows\system32\Deiblamk.exe103⤵
-
C:\Windows\SysWOW64\Doageg32.exeC:\Windows\system32\Doageg32.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlgddkpc.exeC:\Windows\system32\Dlgddkpc.exe105⤵
-
C:\Windows\SysWOW64\Eplckh32.exeC:\Windows\system32\Eplckh32.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hcbgen32.exeC:\Windows\system32\Hcbgen32.exe107⤵
-
C:\Windows\SysWOW64\Ijmobhdd.exeC:\Windows\system32\Ijmobhdd.exe108⤵
-
C:\Windows\SysWOW64\Ipihkobl.exeC:\Windows\system32\Ipihkobl.exe109⤵
-
C:\Windows\SysWOW64\Iapjeq32.exeC:\Windows\system32\Iapjeq32.exe110⤵
-
C:\Windows\SysWOW64\Jkaadebl.exeC:\Windows\system32\Jkaadebl.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kaemgn32.exeC:\Windows\system32\Kaemgn32.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lgikpc32.exeC:\Windows\system32\Lgikpc32.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mpmodg32.exeC:\Windows\system32\Mpmodg32.exe114⤵
-
C:\Windows\SysWOW64\Mgggaamn.exeC:\Windows\system32\Mgggaamn.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Naaejj32.exeC:\Windows\system32\Naaejj32.exe116⤵
-
C:\Windows\SysWOW64\Ndbnkefp.exeC:\Windows\system32\Ndbnkefp.exe117⤵
-
C:\Windows\SysWOW64\Nnolojhk.exeC:\Windows\system32\Nnolojhk.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oqgkadod.exeC:\Windows\system32\Oqgkadod.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Okloomoj.exeC:\Windows\system32\Okloomoj.exe120⤵
-
C:\Windows\SysWOW64\Pjffkhpl.exeC:\Windows\system32\Pjffkhpl.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-