1f09ac6a1292aa24f066331ef7962dabde378629ba7231e393278ff84737ff05

Analysis

max time kernel
151s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
Size

201KB
MD5

ed4fb893a323bbd6f804d6ad98504420
SHA1

e2c3a028e10eeb2d9c2ca961d63f8f728e860a0c
SHA256

1f09ac6a1292aa24f066331ef7962dabde378629ba7231e393278ff84737ff05
SHA512

50737622fc6762e7994796499351526ce54abc0fcae72f67fc0640231fedeb59a984d10ad93d39571f2a8a9c3a26fd829c7deaf36b69e8b1a7febeee0d20952d
SSDEEP

6144:WvVNKTWduZn4HXfDHHjpWVncWYSlYhluu/QtPK:WjgPZ4HvrHj436/IK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
Token: SeIncBasePriorityPrivilege	3148	NEAS.ed4fb893a323bbd6f804d6ad98504420.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ed4fb893a323bbd6f804d6ad98504420.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ed4fb893a323bbd6f804d6ad98504420.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3148-0-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3148-2-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-3-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3148-4-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-5-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-6-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-7-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-8-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-9-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-10-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-11-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-12-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-13-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-14-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-15-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-16-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3148-17-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download