401254d914542f0707e3582cd4fef162996158fc6cec22cd643f32b65c9c8fd3

Analysis

max time kernel
9s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 19:10

Target

NEAS.baf696518ff49f9c407673208d1596b0.exe
Size

160KB
MD5

baf696518ff49f9c407673208d1596b0
SHA1

44868fa342c394da179e586dcd986bdbfd2875e0
SHA256

401254d914542f0707e3582cd4fef162996158fc6cec22cd643f32b65c9c8fd3
SHA512

3a8c8d459d93d233e34a84f9817f169e17d4c2a68b4fa721d130f75deb7c7c862a8bbf6e156ef196bee8b7d74bcf457cb7a682c546d7949d8dd343e839edfe14
SSDEEP

3072:IFFN5ozOn+U5SOvJTwOJtWUJUEFkShnqVBqSbguA4Dzpouz:iT5ozO+8ZRc+15FkSQBDbpAszVz

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
1948	xxmjpmn.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3440-0-0x0000000000400000-0x000000000045E000-memory.dmp	upx
behavioral2/files/0x0005000000000717-4.dat	upx
behavioral2/files/0x0005000000000717-8.dat	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xxmjpmn.exe	NEAS.baf696518ff49f9c407673208d1596b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.baf696518ff49f9c407673208d1596b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.baf696518ff49f9c407673208d1596b0.exe"
1⤵
- Drops file in Program Files directory
PID:3440

C:\PROGRA~3\Mozilla\xxmjpmn.exe
C:\PROGRA~3\Mozilla\xxmjpmn.exe -nznotnb
1⤵
- Executes dropped EXE
PID:1948

C:\PROGRA~3\Mozilla\xxmjpmn.exe

Filesize
15KB

MD5
dccca52b9802bec6c86b64cbab367f39

SHA1
5f57d2177bfaa86f73bb27ae910a260798070069

SHA256
00453ca2dfc0a6a55c603019e1995454cf44331430f3f3c1040b817582aac5d5

SHA512
73b3bda141f6f366eea04d6b0a96d21b1c92ce2afe4cb00a3dc94989f683e12d52893885ee9e98151121cba3fe2d5f87a4c42c667239b96311f856c23c1cff6a

Download Submit
C:\ProgramData\Mozilla\xxmjpmn.exe

Filesize
160KB

MD5
4a962cc5cfa8eea58417f2114885c062

SHA1
77c19a44901b29fd77f9df35e07e4a149199a650

SHA256
df8ca77abce569b688137a3e81475870bf6b368c0e61391db65a02c064f2a358

SHA512
9711e89bab990d3cfb10931de05f07d6649c7c52318805ec55c9a7cca680ebe63a98075a622ae4bc43af6804484a361c061265fdd155e7477a523e67f064c359

Download Submit
memory/3440-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3440-1-0x0000000000630000-0x000000000068B000-memory.dmp

Filesize
364KB

Download
memory/3440-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3440-6-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3440-7-0x0000000000630000-0x000000000068B000-memory.dmp

Filesize
364KB

Download