e5ea0c0d4bbd28029f98998d7e1cb2e78a33b8f4abb49419debb5ce237bcdf74

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c74525a4a290d2e8e460b771bbf77670.exe
Size

83KB
MD5

c74525a4a290d2e8e460b771bbf77670
SHA1

724176df71f2738943cf475b9362b7b8fc6d2463
SHA256

e5ea0c0d4bbd28029f98998d7e1cb2e78a33b8f4abb49419debb5ce237bcdf74
SHA512

7576c588a06bcf24f5973955d7888bcc6de87d145d63aa00211758cd9a8d2d4f9b6082d3fe803acbf1ec7eab9310115b73cde8ba9b78ba05cf9f527cd90e25ac
SSDEEP

1536:Z0nERoZkOQNDakhH0/vkmdmoOnO4DMKoZHAJ7+FkVC0yI1FbgNVQdB2wHA9ygn8:ynEO/Lnk/nbMjoA6OEgHtw4yg8

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\desktop.ini	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\desktop.ini	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	NEAS.c74525a4a290d2e8e460b771bbf77670.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eu.txt	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\Welcome.html	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\LICENSE	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\glass.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ieinstal.exe	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Internet Explorer\IEShims.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\jdk\dom.md	NEAS.c74525a4a290d2e8e460b771bbf77670.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png	NEAS.c74525a4a290d2e8e460b771bbf77670.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	1832	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\NEAS.c74525a4a290d2e8e460b771bbf77670.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c74525a4a290d2e8e460b771bbf77670.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 784
  2⤵
  - Program crash
  PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1832 -ip 1832
1⤵
PID:4768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
189KB

MD5
a648a648ac1b0fb5a0fbf45bf43fca73

SHA1
38b1aabf5143824c24198aaa6a7a683a3dc1243c

SHA256
f0bb3c5d8ec766184dc51d2494a9b751c51aca27cf8a159dd4669bf6362ff9fb

SHA512
445ed6452bff7c1c004c6e4f5f20457a66e184913af6c84d2b728dcb105e59e878cb78eb22dabbf0a78aee0763a954c27d74f30a41263f7c88240659de870d4f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1832-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1832-391-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1832-3386-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads