94058083526fb1238d12551ee0bee9f1f30119324c49fd70672a94706581684a

Analysis

max time kernel
151s
max time network
155s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a022b278364d51809e3668159e432100.exe
Size

463KB
MD5

a022b278364d51809e3668159e432100
SHA1

1d3d170284160dcb9a9fddc6385af21163ba8ccf
SHA256

94058083526fb1238d12551ee0bee9f1f30119324c49fd70672a94706581684a
SHA512

8a20065d82acacd676f253c95b40ed9c07904519b09c0651698b626f5b500cdd5741bd554fa18c9c653247c4e890c04049ee6744e3777428e7e585cc337c0233
SSDEEP

12288:iQUJqcgQs0DcW+smXWvbSed/T7Sdabv8LhBx:iQUxHBDcs/eeN6y+hBx

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1744	NEAS.a022b278364d51809e3668159e432100.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	NEAS.a022b278364d51809e3668159e432100.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	NEAS.a022b278364d51809e3668159e432100.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	NEAS.a022b278364d51809e3668159e432100.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	NEAS.a022b278364d51809e3668159e432100.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1744	NEAS.a022b278364d51809e3668159e432100.exe
1744	NEAS.a022b278364d51809e3668159e432100.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.a022b278364d51809e3668159e432100.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a022b278364d51809e3668159e432100.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\ActionEngine.dll

Filesize
977KB

MD5
e142a0e9faebdc44d4b692e30827bd0f

SHA1
ff83ff5dea3e3f2b75b6f2445fd74f12cdc4f9a4

SHA256
fc0ef9bd7711fe39fc075d3d239cc14b293b775ecd42e735928b853f0f5c9a70

SHA512
67c700f342ee2ae0f0c7d0ec84eac40356620c949b1b3e93fe83edff954a688d847e37be6150491e3f5580a9a419c028c9b35f8baa43455519e5a076527069ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\api.js

Filesize
5KB

MD5
cad20144ce29f20fecd6c21c5c61dead

SHA1
6bbaeb0aae32a3828cb77f8bfd3fb493803f3626

SHA256
e68cb263198cf8cf93e5a60be4ff091606be78b0963aca0e519732187ea93e80

SHA512
35e0f7c8cb13693d7e3a221f186bd72613544dc75e5355550bd0e7ed7054831258c5a487d20b412ce646313d24b3436baf10597baa8a359a319dbeee26580ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\jquery-1.3.2.min.js

Filesize
55KB

MD5
bb381e2d19d8eace86b34d20759491a5

SHA1
3dc9f7c2642efff4482e68c9d9df874bf98f5bcb

SHA256
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899

SHA512
abb2ad8b111271a82a04362940a7ab9930883ecb33497a1c53edcdc49f0634af5bf5b1bc7095bd18db26d212b059aece4577f85040b5f49c4982b468fe973c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\jquery.localisation.min.js

Filesize
1KB

MD5
f1cf73e00c240e9a4283201291d45a07

SHA1
918c49cb6f1de521d91967b2508f19db1f38fea2

SHA256
81bce5ff1003c9d5a688102d5d4c603841ed61c32628823dc48d560ec0d42cd2

SHA512
2242892434a638a9344c87453c3d2a66a880278dcf66f1516f240131dca767248baf663ffc9365acad26550e5b20a742d8115d5976de3a094d0229d60844788f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\language\splash-strings.js

Filesize
446B

MD5
157d5a5389521369e8d42bf50dd9e4e5

SHA1
32f0877615d73dd0f952dbaf1425e2e61e8082aa

SHA256
5688c7509f409b9f06d40f247000833f8318e4d20dbb6a2dff7fdb74df220bed

SHA512
75a583cfa7bd4fb4eaa73b3e189a5dba4116479c5ac5c6be8db95bb656b3951013493ada964d8abf4d5140732ae3e0e1e09e9f48622d445460532ec8eef06f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\splash.html

Filesize
1KB

MD5
0d0e0532f51af856688ad83abb889fde

SHA1
a1949b703816fa1bc60cf9c395d6dbb0f6f5c61c

SHA256
a358150647aaf4413fd2738c8ebcc0579b0bd4ccca8ba02738a4332a430f8ec8

SHA512
29322e2446ae5a37a34f113be5924121ce7d8fcfc617818f59c407fe7da01153845a947464345d6b86463b18c75d0adae1cc7dd5f17cf2d29584ef9539d8e0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\splash.js

Filesize
946B

MD5
354dce57695e99df9e6faba76346496f

SHA1
ca364e2daa4a80cfed7412b0f0374f1f82fa7146

SHA256
bb39b6b14ae7f032922366943b342f58be120242020b1fa4dbb3310e39928823

SHA512
8f34ae59e5502c70659e358d03709cfdfd01ec2128110932910e8de16888857896e86707c279b3f67edb54059a08ab6ce05b742342e825e2894580ae4a4639ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\Gui\translation.js

Filesize
6KB

MD5
682fea27f4c335defc18be6fb24d5748

SHA1
d4a1743d63508d18af4be59232f3d266228648fb

SHA256
928571317e90c4d6680931dffaaae85f382069be2bc72b875810ceb1f7c2744f

SHA512
ef70ad8c291fe10c8b1d0dc060fc50b4593cf6fabc03a751aa62d5f4e375b1c80184337816a8e50430964960fc56324259f8833707320c7b757e388ecbd28341

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\instlangs.xml

Filesize
17KB

MD5
aa91818150cfadb667ae6f914d43dca0

SHA1
4411bd0038ccd464ed7597f0540cfe04867b9042

SHA256
2aa71646493cf47b38be0920488159b154eaf19193dc4a6ecfa0a6509196c7c5

SHA512
dd1310dc52bb6cc4977341dc34fb6a273e1349602a5fb3037e0b0d087b8f0d2d7a04e2db32e2708379758266c31422d27b5a35f5ba068cd7dbdd211b07893ecd

Download Submit
\Users\Admin\AppData\Local\Temp\IM_3A33.tmp\ActionEngine.dll

Filesize
977KB

MD5
e142a0e9faebdc44d4b692e30827bd0f

SHA1
ff83ff5dea3e3f2b75b6f2445fd74f12cdc4f9a4

SHA256
fc0ef9bd7711fe39fc075d3d239cc14b293b775ecd42e735928b853f0f5c9a70

SHA512
67c700f342ee2ae0f0c7d0ec84eac40356620c949b1b3e93fe83edff954a688d847e37be6150491e3f5580a9a419c028c9b35f8baa43455519e5a076527069ae

Download Submit
memory/1744-103-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1744-177-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download