de05e01b6962ae66463871ee589695a9427779e0245ecc6b573f85c34dcf7841

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
Size

7.4MB
MD5

dbfbd1976c0723e9eaf7ea16e8d77d60
SHA1

fe76266e502911ff39fc85d8130fba7af138bd9e
SHA256

de05e01b6962ae66463871ee589695a9427779e0245ecc6b573f85c34dcf7841
SHA512

39fcc21078dd35dacf753d564c2342ded67d11d629c44660543554c7eca41944088828f4dc7f4ac280d32de9f29414a4361d1c902496b672a28aaf43770ed309
SSDEEP

196608:Ub3bPk5HyC8k5h/wDdEoNiV4I/WWwA7mIbOyg8d5KOz:Ub3bPk5HPhJCIbOyg8d53

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3856-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3856-2-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mstsc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\nslookup.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\ntprint.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\srdelayed.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\takeown.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\tar.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\GameBarPresenceWriter.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\explorer.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\unlodctr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\quickassist.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\taskkill.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\net.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\comp.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\msiexec.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\ByteCodeGenerator.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\cmd.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\sethc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\auditpol.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\dccw.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\regini.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\at.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\iscsicpl.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\Magnify.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\tasklist.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\expand.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\LaunchWinApp.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\rasphone.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\schtasks.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\userinit.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\EaseOfAccessDialog.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\rundll32.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\diskperf.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\EhStorAuthn.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\wbem\mofcomp.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\wlanext.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\getmac.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\sort.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\DevicePairingWizard.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\iscsicli.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\verifiergui.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..al-chinese-moimeexe_31bf3856ad364e35_10.0.19041.1_none_e73c658ee671e530\ChtIME.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.264_none_0e32f443c4669fed\f\hvix64.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6012c8cabf808ff7\pcaui.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_a8b46aaa6c07ca3d\CredentialUIBroker.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_5aba1063745f6e01\autofmt.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\AppVDllSurrogate.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4478665ed379a3fc\AtBroker.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\AppVShNotify.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\f\AddSuggestedFoldersToLibraryDialog.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevTemplateConfigItemGenerator.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..onment-core-tcbboot_31bf3856ad364e35_10.0.19041.264_none_de5e254ba7caf399\f\tcblaunch.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\servicing\TrustedInstaller.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_76e6fb38a70dbd6d\f\GameBarPresenceWriter.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.746_none_c291aefd01a5d6d6\r\EoAExperiences.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\f\SyncAppvPublishingServer.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.844_none_e9349b06dfab6fdc\r\imjpuexc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.264_none_1477a882bdce0df2\vmms.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-alg_31bf3856ad364e35_10.0.19041.746_none_86e29cecb9edce01\f\alg.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.19041.746_none_cdf422107d2779cf\cttunesvr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_4eec2752c7ea16f8\backgroundTaskHost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.746_none_3db5b5ee37a4dee7\r\CompPkgSrv.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1266_none_119b1e415d838a28\convert.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.1_none_23025624c75c162f\oobeldr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\r\AppVStreamingUX.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_27f9f931a79d1cbe\mavinject.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevAgentPolicyGenerator.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_40d14f6c04397868\agentactivationruntimestarter.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1202_none_cc0c3d35675da3a1\appidcertstorecheck.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.264_none_839983ebef167c68\r\CredentialEnrollmentManager.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\autoconv.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_02d98290c2a0aa6b\jsc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\f\hvix64.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\f\vmwp.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..al-chinese-moimeexe_31bf3856ad364e35_10.0.19041.746_none_0f44a2d7a5e3a37a\ChtIME.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-tetheringservice_31bf3856ad364e35_10.0.19041.746_none_6ba9668b45cb4938\r\IcsEntitlementHost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.264_none_29367e02ede71097\f\wbadmin.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.985_none_c3639a9e3ab1a351\WindowsSandboxClient.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_90e29eafea574969\psr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\Microsoft.Uev.SyncController.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.867_none_b4e9fc09cfcbdd7c\r\AxInstUI.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.264_none_1477a882bdce0df2\r\vmms.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1288_none_e25de9f9d964cdad\r\conhost.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.153_none_c283d2cf01b0b7d8\EoAExperiences.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_5faf0ebeba197e78\calc.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\sysmon.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\r\oobeldr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\SyncAppvPublishingServer.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevAppMonitor.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..directplay8-payload_31bf3856ad364e35_10.0.19041.1_none_b970f5eb6342eadb\dpnsvr.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\f\AppVShNotify.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-uevservice_31bf3856ad364e35_10.0.19041.1288_none_f26bd0dcdf662cc9\AgentService.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\f\CallingShellApp.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-warp-jitexecutable_31bf3856ad364e35_10.0.19041.1_none_83ab1c56c187ef65\Windows.WARP.JITService.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.1266_none_07a5d18b92d8b668\f\cmproxyd.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.928_none_0f531ea0d233243b\r\DiagnosticsHub.StandardCollector.Service.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\f\hvax64.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\AppVShNotify.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\Microsoft.Uev.CscUnpinTool.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.264_none_3f30ef10158954bf\r\CustomInstallExec.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.19041.1_none_77d767642c0e040b\chkdsk.exe	NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.dbfbd1976c0723e9eaf7ea16e8d77d60.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3856-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3856-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads