Analysis
-
max time kernel
122s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system -
submitted
14/10/2023, 17:50
Behavioral task
behavioral1
Sample
NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Resource
win7-20230831-en
4 signatures
150 seconds
General
-
Target
NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
-
Size
293KB
-
MD5
2fdf1218a636c6e1415dbd1f2eaf53a0
-
SHA1
3e9dd5bcde75be2aee3253d711afa0080f188dd4
-
SHA256
1a787786968cfa9102f6ba5362d274349bf53f15f2dc0c9a70940edf7d626074
-
SHA512
b395054ed37bbee9a9d6c3e3d9966c3f57587e90b8c440aed5b01442b360ac3f8b761cd3da305c9fba97a5f4d325b1c747a722ecc16e59ccf3e92f8aba226085
-
SSDEEP
6144:YbaepOgEy+AT5JPPiFrF6UTcz/DJZoAwDuRS/xrZ:Qa2dEy+ATrPiFXEJZoAwDui
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
description                            pid    Process                                     procid_target
PID 1872 set thread context of 2580    1872   NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe   28
Suspicious use of AdjustPrivilegeToken 46 IoCs
description   pid    Process
The same 23 privileges are enabled, in the same order, first by PID 1872 (NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe) and then by PID 2580 (iexplore.exe), giving the 46 token events:
SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35
The three numeric entries are privilege LUIDs the sandbox did not resolve to names; in winnt.h 33 is SeIncreaseWorkingSetPrivilege, 34 is SeTimeZonePrivilege and 35 is SeCreateSymbolicLinkPrivilege. Enabling every privilege in the token at once (rather than just the one needed) is the blanket "enable all" loop common in droppers; seeing the identical sequence repeated from inside iexplore.exe indicates the code running in PID 2580 is the same payload, not Internet Explorer. -
Suspicious use of WriteProcessMemory 6 IoCs
description                          pid    Process                                     procid_target
PID 1872 wrote to memory of 2580     1872   NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe   28
(this row is recorded 6 times: six separate WriteProcessMemory calls from PID 1872 into PID 2580)
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe"
   PID: 1872
   - Suspicious use of SetThreadContext
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\iexplore.exe (child of PID 1872)
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      PID: 2580
      - Suspicious use of AdjustPrivilegeToken
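Read together, the three signatures and the process tree describe one technique: the sample in the user's Temp directory launches a legitimate Program Files binary (iexplore.exe), writes into it six times, then calls SetThreadContext on it, which is the RunPE / process-hollowing sequence (ATT&CK T1055.012). The report does not show the written addresses, so whether those six writes are PE headers plus sections plus the PEB image base is an inference, not something the page states. The following script is an added example, not sandbox code or the sample's code: it parses the report's flattened signature lines (constructed here from the tables above, the repeated WriteProcessMemory row included) and pairs memory writes with a thread-context change on the same parent/child pair, which is the check that separates hollowing from a lone debugger-style write. The regexes assume the report's "description pid Process procid_target" layout, and the pid-to-path map is taken from the Processes section; the LUID names come from winnt.h.

```python
"""Flag process hollowing from flattened sandbox signature lines.

Added example, not the sandbox's own detection logic. Input lines are
constructed from this report's signature tables; the parsing regexes
assume the flattened 'description pid Process procid_target' layout.
"""
import re
from collections import defaultdict

# Constructed from the SetThreadContext and WriteProcessMemory tables above.
EVENT_LINES = [
    "PID 1872 set thread context of 2580 1872 NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe 28",
] + [
    "PID 1872 wrote to memory of 2580 1872 NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe 28",
] * 6

# A subset of the AdjustPrivilegeToken rows, constructed from the report.
TOKEN_LINES = [
    "Token: SeDebugPrivilege 1872 NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe",
    "Token: SeLoadDriverPrivilege 1872 NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe",
    "Token: SeDebugPrivilege 2580 iexplore.exe",
    "Token: 33 2580 iexplore.exe",
    "Token: 35 2580 iexplore.exe",
]

# pid -> image path, taken from the Processes section of the report.
PROCESSES = {
    1872: r"C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe",
    2580: r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
}

EVENT_RE = re.compile(
    r"^PID (\d+) (set thread context of|wrote to memory of) (\d+) \d+ \S+ \d+$")
TOKEN_RE = re.compile(r"^Token: (\S+) (\d+) (\S+)$")

# Privilege LUIDs the sandbox prints unnamed; names from winnt.h.
NUMERIC_PRIVS = {
    "33": "SeIncreaseWorkingSetPrivilege",
    "34": "SeTimeZonePrivilege",
    "35": "SeCreateSymbolicLinkPrivilege",
}


def parse_events(lines):
    """Yield (action, source_pid, target_pid) for each cross-process event."""
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            src, action, target = m.groups()
            yield action, int(src), int(target)


def parse_tokens(lines):
    """Return {pid: set of privilege names}, resolving numeric LUIDs."""
    privs = defaultdict(set)
    for line in lines:
        m = TOKEN_RE.match(line)
        if m:
            name, pid, _image = m.groups()
            privs[int(pid)].add(NUMERIC_PRIVS.get(name, name))
    return privs


def find_hollowing(events, processes):
    """Pair WriteProcessMemory with SetThreadContext on the same (src, target).

    A write alone can be benign (debuggers, some installers); writing into a
    child and then replacing its thread context is the hollowing sequence.
    """
    writes = defaultdict(int)
    context_set = set()
    for action, src, target in events:
        if action == "wrote to memory of":
            writes[(src, target)] += 1
        elif action == "set thread context of":
            context_set.add((src, target))
    findings = []
    for src, target in sorted(context_set):
        if writes[(src, target)] == 0:
            continue
        parent = processes.get(src, "")
        child = processes.get(target, "")
        findings.append({
            "parent_pid": src,
            "child_pid": target,
            "writes": writes[(src, target)],
            "technique": "process hollowing (T1055.012)",
            # Temp-dir dropper hollowing a Program Files binary: the payload's
            # later activity will appear to come from the trusted image.
            "masquerade": "\\Temp\\" in parent and child.startswith("C:\\Program Files"),
        })
    return findings


def analyse(event_lines, token_lines, processes):
    """Combine both signature tables into one finding per hollowed child."""
    findings = find_hollowing(parse_events(event_lines), processes)
    privs = parse_tokens(token_lines)
    for f in findings:
        # Privileges enabled from inside the child: evidence the injected
        # code, not the host image, is what is running there.
        f["child_privileges"] = sorted(privs.get(f["child_pid"], ()))
    return findings


if __name__ == "__main__":
    for finding in analyse(EVENT_LINES, TOKEN_LINES, PROCESSES):
        print(finding)
```

The pairing is by (source, target) rather than by source alone so that a parent injecting into several children, or a child that is written to but never has its context changed, is scored separately. On a live host the same rule applies to Sysmon-style telemetry once the "wrote to memory" and "set thread context" events are mapped to their equivalents.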