Analysis
-
max time kernel
253s -
max time network
284s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14-10-2023 19:16
General
-
Target
NEAS.dbd036a391e472106543a02a540145e0.exe
-
Size
1.9MB
-
MD5
dbd036a391e472106543a02a540145e0
-
SHA1
66a8bb5354d7cf0ae759e8a7d33e7e5e0058035e
-
SHA256
aa8b7d7fec9ece14d64c350704cafb7fade515ad8529ecc8de3a1d87fff46b69
-
SHA512
b8d8d54684b85a6f69a446383614dc7fc2e5868490afbfef0c7a091bf83d0883a4259991acc4442d1be6d69863c9fbf533e2d926f5d3d7a3c86ad051f6446ab3
-
SSDEEP
24576:rEmvS3PLNyroPr4GGZdjfKRvI+2GRK4Nwb2/vBoRSXDcoklCYIR0jgJmxQ0gxmev:rE13D8c4GG/jfKCfGgSBsomexmeHP
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies registry class 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
-
Suspicious use of FindShellTrayWindow 29 IoCs
-
Suspicious use of SendNotifyMessage 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dbd036a391e472106543a02a540145e0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.dbd036a391e472106543a02a540145e0.exe"1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5101⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
1.7MB
-
Filesize
1.7MB