275949beeb063bb9dd208c656bfc480c15e8cd2d10386736ba1374ac1019b44a

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8416052e8b966ae8260c702f6e329f20.exe
Size

126KB
MD5

8416052e8b966ae8260c702f6e329f20
SHA1

aa69f7ae9c7b208726042a35953365794daacddd
SHA256

275949beeb063bb9dd208c656bfc480c15e8cd2d10386736ba1374ac1019b44a
SHA512

dd8da16ec91d43f5c6623adb0e8b93b2e7b3bc6ef525eef4fa5807df1ce6c335e6aa2ba2b41956d9fd419c603435d8e63939742bf3595eff98c0a4dccc04f08e
SSDEEP

3072:5COqnKQybPLlGRqXcryRwAF0r+A/nZZaEDgG:5s5ybPL6mcrymK0SEZZXgG

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
860	xxmjpmn.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xxmjpmn.exe	NEAS.8416052e8b966ae8260c702f6e329f20.exe
File created	C:\PROGRA~3\Mozilla\yscklod.dll	xxmjpmn.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.8416052e8b966ae8260c702f6e329f20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8416052e8b966ae8260c702f6e329f20.exe"
1⤵
- Drops file in Program Files directory
PID:2064

C:\PROGRA~3\Mozilla\xxmjpmn.exe
C:\PROGRA~3\Mozilla\xxmjpmn.exe -nznotnb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\xxmjpmn.exe

Filesize
126KB

MD5
878fdd0819e985153a9c07367a228da4

SHA1
0c692ad1c0527439430f4359aacf967353bc9892

SHA256
828bd565a4c2fd050e2e17651ba6823492c8c835bf87f7f3c388dfdafe373760

SHA512
0eba12c087bb1b79bfd51900837083b886bd100e881cf17c3aa8f172e207fda26164b1d705b4c6dc77e98f28acfcef40b3b66cfaeb427eb174a30a3779f02509

Download Submit
C:\ProgramData\Mozilla\xxmjpmn.exe

Filesize
126KB

MD5
878fdd0819e985153a9c07367a228da4

SHA1
0c692ad1c0527439430f4359aacf967353bc9892

SHA256
828bd565a4c2fd050e2e17651ba6823492c8c835bf87f7f3c388dfdafe373760

SHA512
0eba12c087bb1b79bfd51900837083b886bd100e881cf17c3aa8f172e207fda26164b1d705b4c6dc77e98f28acfcef40b3b66cfaeb427eb174a30a3779f02509

Download Submit
memory/860-10-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/860-11-0x0000000001030000-0x000000000108B000-memory.dmp

Filesize
364KB

Download
memory/860-17-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2064-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2064-1-0x0000000000630000-0x000000000068B000-memory.dmp

Filesize
364KB

Download
memory/2064-9-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download