3ebaa5a55cd6c4284f8d9c6ff501a242c13bc04d1437f5d57486c544ff4d7bdc

Analysis

max time kernel
141s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.332ae446493becdc83220dbf38485730.exe
Size

314KB
MD5

332ae446493becdc83220dbf38485730
SHA1

705e464c8cf38238208f53aadbc70e36d2e61791
SHA256

3ebaa5a55cd6c4284f8d9c6ff501a242c13bc04d1437f5d57486c544ff4d7bdc
SHA512

c7949daa6511d8a4eb57898c44aeff8de6935978d7415af262ccb002e087c1545a2ec49ab639fa61a4846bb417fe8e2f3720a34b957f410362865550ccf87b6d
SSDEEP

6144:4wnqO4OgaqP/MlH3aN5eDds5A/D8XG2MBuW4a/ViE2lPnT5sc7uVzmCoZbnIfBb5:Dq7dnGqNSR/ygus/gNT6cqhebIpbxdFb

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4912	eakpvvm.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\eakpvvm.exe	NEAS.332ae446493becdc83220dbf38485730.exe
File created	C:\PROGRA~3\Mozilla\fmzydld.dll	eakpvvm.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.332ae446493becdc83220dbf38485730.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.332ae446493becdc83220dbf38485730.exe"
1⤵
- Drops file in Program Files directory
PID:5036

C:\PROGRA~3\Mozilla\eakpvvm.exe
C:\PROGRA~3\Mozilla\eakpvvm.exe -lxsxepj
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\eakpvvm.exe

Filesize
314KB

MD5
757258310cb66612363310054257cb0f

SHA1
411e1a7d988b36e312bb67ad033f72367ff5eda4

SHA256
09fe220b61863b30d3c244dfcfc6a371b9dbea73b6735e66383c685498b55755

SHA512
412aedfcb4a71a0523965433ff52c16ffd4cfd737142e499c3106cfcb04955a77d5112e756958aa3c02ba6d1e98dbbd6525ec40d37f44798f75cea1ee979cf92

Download Submit
C:\ProgramData\Mozilla\eakpvvm.exe

Filesize
314KB

MD5
757258310cb66612363310054257cb0f

SHA1
411e1a7d988b36e312bb67ad033f72367ff5eda4

SHA256
09fe220b61863b30d3c244dfcfc6a371b9dbea73b6735e66383c685498b55755

SHA512
412aedfcb4a71a0523965433ff52c16ffd4cfd737142e499c3106cfcb04955a77d5112e756958aa3c02ba6d1e98dbbd6525ec40d37f44798f75cea1ee979cf92

Download Submit
memory/4912-13-0x00000000006A0000-0x00000000006FB000-memory.dmp

Filesize
364KB

Download
memory/4912-18-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5036-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5036-1-0x00000000009F0000-0x0000000000A4B000-memory.dmp

Filesize
364KB

Download
memory/5036-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download