3d2e20fad6185cdd4bb384118a1fe9ab4c78a3d9a256df77562e7fd0b2c1b337

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6784020cef63a1f213cd60952c2add30.exe
Size

145KB
MD5

6784020cef63a1f213cd60952c2add30
SHA1

1415a2ca1590718123caa759a949ff88a0c670e8
SHA256

3d2e20fad6185cdd4bb384118a1fe9ab4c78a3d9a256df77562e7fd0b2c1b337
SHA512

738acb6918d7ca2bfdbd302ba4ec62123094948d86d9b0cacc55d8c71de3c2285ea140e2ab09248d7393db5dbaf398f433a83fb0ef567a81ccfbbf7d11994bdf
SSDEEP

3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80vR:+aIsfQ28+4R7T5vrsXR

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2924	xvqykzi.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xvqykzi.exe	NEAS.6784020cef63a1f213cd60952c2add30.exe
File created	C:\PROGRA~3\Mozilla\zyfdqqb.dll	xvqykzi.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2924	1420	taskeng.exe	31
PID 1420 wrote to memory of 2924	1420	taskeng.exe	31
PID 1420 wrote to memory of 2924	1420	taskeng.exe	31
PID 1420 wrote to memory of 2924	1420	taskeng.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.6784020cef63a1f213cd60952c2add30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6784020cef63a1f213cd60952c2add30.exe"
1⤵
- Drops file in Program Files directory
PID:2088

C:\Windows\system32\taskeng.exe
taskeng.exe {33C39520-7FFA-4B49-B139-35C92E1A76D7} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\PROGRA~3\Mozilla\xvqykzi.exe
  C:\PROGRA~3\Mozilla\xvqykzi.exe -tkarfve
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\xvqykzi.exe

Filesize
145KB

MD5
b78e50a5ec7c0acd9137b02ca26b88b0

SHA1
327a5d1b94952b6f94fbf7109abbab1227ad70fc

SHA256
7de0ae8cc8e7d78762bb08023321ecf32d5470dfe4d48eb674a2b64288c77d44

SHA512
9955493a06e4f3d9d2cd7fb6fcca38d230a7048b11b600d494cddfe0ccfcf610623a749838bccc9ad3af91291257273953e9e0e4dad30d6de2802a9e4ce890e9

Download Submit
C:\PROGRA~3\Mozilla\xvqykzi.exe

Filesize
145KB

MD5
b78e50a5ec7c0acd9137b02ca26b88b0

SHA1
327a5d1b94952b6f94fbf7109abbab1227ad70fc

SHA256
7de0ae8cc8e7d78762bb08023321ecf32d5470dfe4d48eb674a2b64288c77d44

SHA512
9955493a06e4f3d9d2cd7fb6fcca38d230a7048b11b600d494cddfe0ccfcf610623a749838bccc9ad3af91291257273953e9e0e4dad30d6de2802a9e4ce890e9

Download Submit
memory/2088-0-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2088-1-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2088-3-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2088-2-0x00000000002A0000-0x00000000002A2000-memory.dmp

Filesize
8KB

Download
memory/2088-7-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2088-8-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2924-11-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2924-12-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2924-17-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download