7b16389e3c2dec148017f6ef3406c2e322fb20eb0e9706eacfcbebb9533ffd36

Analysis

max time kernel
122s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
Size

279KB
MD5

9f8f8ecb396a7a43411173af9f2e62d0
SHA1

576571b5950292feeb00554c0d33c878048bdac2
SHA256

7b16389e3c2dec148017f6ef3406c2e322fb20eb0e9706eacfcbebb9533ffd36
SHA512

515392df5bb09153569a7809ff36d33ecbe8f62df3db9620082b0ff4274911f73894a28fe859ce399bdfa17b7a90897c2bdde5743d432ad2bfd3a727b308da47
SSDEEP

6144:uuq1yy/pjnkeQ4m13YSfZgaPlWERGKjwjglIQ2beZ:y1yc9kbJ3YyrlWqGewj4IQ2bc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4304-0-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral2/files/0x0008000000023064-5.dat	upx
behavioral2/memory/4304-18-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral2/memory/4304-19-0x0000000000400000-0x0000000000418000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\QiXjJfauhfN.com	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\Sims 2_nocd.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Half-Life 2_fix.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2_fix.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\FlatOut + cheat.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\FlatOut + cheat.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\Doom 3 patch.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\UT2004_crack.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Silent Hill 4 cheat.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Quake3 + nocd.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\Quake3 + nocd.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Sims 2(codes).exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Doom 3 patch.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\BattleField 1942(hack).exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\Sims 2_nocd.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File opened for modification	C:\Windows\win32dc\Sims 2(codes).exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\UT2004_crack.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
File created	C:\Windows\win32dc\Counter-Strike nocd.exe	NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9f8f8ecb396a7a43411173af9f2e62d0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\FlatOut + cheat.exe

Filesize
283KB

MD5
00f7dd7188de7bb66539e7923bddc8ab

SHA1
501a6f311d3e36e8ee87807491884ee55e18212e

SHA256
131a9dfc4e55e85b0353304120065f8ff71600b30d4dbfb732c2f66816b6d482

SHA512
c809def7138b970f3f36d2c8ddce7602bfdfc17babd308cc9a05b6ceadfc5d56bf5506886b17a29e4172e3b3dfdb2ee4a239e39b4807c74081409c4b4c34de12

Download Submit
memory/4304-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4304-18-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4304-19-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads