Analysis
-
max time kernel
136s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 19:22
General
-
Target
NEAS.dfb31cf363e6bbc1867f21298dd34430_JC.exe
-
Size
192KB
-
MD5
dfb31cf363e6bbc1867f21298dd34430
-
SHA1
9851cb900ce91a0218c7c63d41b8e4514cc934be
-
SHA256
b1d28030e21186ec83a56d5429aafaed35a52bf7cf0d8d0dab7bed955daec006
-
SHA512
bd164bf5d09183ad17abf7c2fecf69bab65ad2d89898b4fd5610ee58e97fd99e7fd3e0f6a4ad5f45337e846039008682e2c3503fd95d30fcd62140f8ec06d466
-
SSDEEP
3072:EJs8e9C/QTdlYiVHgzL20WKFcp9jRV5C/8qy4p2Y7YWlt6o:KsFzdZxgzL2V4cpC0L4AY7YWT6o
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dfb31cf363e6bbc1867f21298dd34430_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.dfb31cf363e6bbc1867f21298dd34430_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Feqeog32.exeC:\Windows\system32\Feqeog32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gicgpelg.exeC:\Windows\system32\Gicgpelg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gpmomo32.exeC:\Windows\system32\Gpmomo32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ganldgib.exeC:\Windows\system32\Ganldgib.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gkdpbpih.exeC:\Windows\system32\Gkdpbpih.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Geldkfpi.exeC:\Windows\system32\Geldkfpi.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbpedjnb.exeC:\Windows\system32\Gbpedjnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Geanfelc.exeC:\Windows\system32\Geanfelc.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hecjke32.exeC:\Windows\system32\Hecjke32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hiacacpg.exeC:\Windows\system32\Hiacacpg.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpmhdmea.exeC:\Windows\system32\Hpmhdmea.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hldiinke.exeC:\Windows\system32\Hldiinke.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Haaaaeim.exeC:\Windows\system32\Haaaaeim.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipbaol32.exeC:\Windows\system32\Ipbaol32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibcjqgnm.exeC:\Windows\system32\Ibcjqgnm.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilkoim32.exeC:\Windows\system32\Ilkoim32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ieccbbkn.exeC:\Windows\system32\Ieccbbkn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iialhaad.exeC:\Windows\system32\Iialhaad.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iondqhpl.exeC:\Windows\system32\Iondqhpl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jidinqpb.exeC:\Windows\system32\Jidinqpb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jekjcaef.exeC:\Windows\system32\Jekjcaef.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Jppnpjel.exeC:\Windows\system32\Jppnpjel.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jadgnb32.exeC:\Windows\system32\Jadgnb32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe3⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kcjjhdjb.exeC:\Windows\system32\Kcjjhdjb.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kekbjo32.exeC:\Windows\system32\Kekbjo32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcoccc32.exeC:\Windows\system32\Kcoccc32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khlklj32.exeC:\Windows\system32\Khlklj32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcapicdj.exeC:\Windows\system32\Kcapicdj.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lcclncbh.exeC:\Windows\system32\Lcclncbh.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhqefjpo.exeC:\Windows\system32\Lhqefjpo.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Laiipofp.exeC:\Windows\system32\Laiipofp.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Legben32.exeC:\Windows\system32\Legben32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpochfji.exeC:\Windows\system32\Lpochfji.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjggal32.exeC:\Windows\system32\Mjggal32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adjjeieh.exeC:\Windows\system32\Adjjeieh.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajdbac32.exeC:\Windows\system32\Ajdbac32.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bboffejp.exeC:\Windows\system32\Bboffejp.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggccllai.exeC:\Windows\system32\Ggccllai.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lkiamp32.exeC:\Windows\system32\Lkiamp32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ooangh32.exeC:\Windows\system32\Ooangh32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdlhgpag.exeC:\Windows\system32\Cdlhgpag.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gjcfcakn.exeC:\Windows\system32\Gjcfcakn.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glabolja.exeC:\Windows\system32\Glabolja.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gdhjpjjd.exeC:\Windows\system32\Gdhjpjjd.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gggfme32.exeC:\Windows\system32\Gggfme32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnanioad.exeC:\Windows\system32\Gnanioad.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gdkffi32.exeC:\Windows\system32\Gdkffi32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ggicbe32.exeC:\Windows\system32\Ggicbe32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnckooob.exeC:\Windows\system32\Gnckooob.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gglpgd32.exeC:\Windows\system32\Gglpgd32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjjldpdf.exeC:\Windows\system32\Hjjldpdf.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmhhpkcj.exeC:\Windows\system32\Hmhhpkcj.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeopnmoa.exeC:\Windows\system32\Oeopnmoa.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ogqmee32.exeC:\Windows\system32\Ogqmee32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oogdfc32.exeC:\Windows\system32\Oogdfc32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oafacn32.exeC:\Windows\system32\Oafacn32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeamcmmo.exeC:\Windows\system32\Oeamcmmo.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ogcike32.exeC:\Windows\system32\Ogcike32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Onmahojj.exeC:\Windows\system32\Onmahojj.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oahnhncc.exeC:\Windows\system32\Oahnhncc.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okqbac32.exeC:\Windows\system32\Okqbac32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebagdddp.exeC:\Windows\system32\Ebagdddp.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kiodha32.exeC:\Windows\system32\Kiodha32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjopbd32.exeC:\Windows\system32\Kjopbd32.exe44⤵
-
C:\Windows\SysWOW64\Kplijk32.exeC:\Windows\system32\Kplijk32.exe45⤵
-
C:\Windows\SysWOW64\Kjamhd32.exeC:\Windows\system32\Kjamhd32.exe46⤵
-
C:\Windows\SysWOW64\Kciaqi32.exeC:\Windows\system32\Kciaqi32.exe47⤵
-
C:\Windows\SysWOW64\Kifjip32.exeC:\Windows\system32\Kifjip32.exe48⤵
-
C:\Windows\SysWOW64\Kfjjbd32.exeC:\Windows\system32\Kfjjbd32.exe49⤵
-
C:\Windows\SysWOW64\Limpiomm.exeC:\Windows\system32\Limpiomm.exe50⤵
-
C:\Windows\SysWOW64\Lpghfi32.exeC:\Windows\system32\Lpghfi32.exe51⤵
-
C:\Windows\SysWOW64\Lhopgg32.exeC:\Windows\system32\Lhopgg32.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lmkipncc.exeC:\Windows\system32\Lmkipncc.exe53⤵
-
C:\Windows\SysWOW64\Lpjelibg.exeC:\Windows\system32\Lpjelibg.exe54⤵
-
C:\Windows\SysWOW64\Lfcmhc32.exeC:\Windows\system32\Lfcmhc32.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lmneemaq.exeC:\Windows\system32\Lmneemaq.exe56⤵
-
C:\Windows\SysWOW64\Lplaaiqd.exeC:\Windows\system32\Lplaaiqd.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhcjbfag.exeC:\Windows\system32\Lhcjbfag.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mjafoapj.exeC:\Windows\system32\Mjafoapj.exe59⤵
-
C:\Windows\SysWOW64\Mdjjgggk.exeC:\Windows\system32\Mdjjgggk.exe60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mankaked.exeC:\Windows\system32\Mankaked.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mpqklh32.exeC:\Windows\system32\Mpqklh32.exe62⤵
-
C:\Windows\SysWOW64\Mjfoja32.exeC:\Windows\system32\Mjfoja32.exe63⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mapgfk32.exeC:\Windows\system32\Mapgfk32.exe64⤵
-
C:\Windows\SysWOW64\Mhjpceko.exeC:\Windows\system32\Mhjpceko.exe65⤵
-
C:\Windows\SysWOW64\Miklkm32.exeC:\Windows\system32\Miklkm32.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nfaijand.exeC:\Windows\system32\Nfaijand.exe67⤵
-
C:\Windows\SysWOW64\Ndejcemn.exeC:\Windows\system32\Ndejcemn.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nfdfoala.exeC:\Windows\system32\Nfdfoala.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Niihlkdm.exeC:\Windows\system32\Niihlkdm.exe70⤵
-
C:\Windows\SysWOW64\Npcaie32.exeC:\Windows\system32\Npcaie32.exe71⤵
-
C:\Windows\SysWOW64\Ohkijc32.exeC:\Windows\system32\Ohkijc32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oacmchcl.exeC:\Windows\system32\Oacmchcl.exe73⤵
-
C:\Windows\SysWOW64\Opfnne32.exeC:\Windows\system32\Opfnne32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ogpfko32.exeC:\Windows\system32\Ogpfko32.exe75⤵
-
C:\Windows\SysWOW64\Omjnhiiq.exeC:\Windows\system32\Omjnhiiq.exe76⤵
-
C:\Windows\SysWOW64\Ohobebig.exeC:\Windows\system32\Ohobebig.exe77⤵
-
C:\Windows\SysWOW64\Ohaokbfd.exeC:\Windows\system32\Ohaokbfd.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oickbjmb.exeC:\Windows\system32\Oickbjmb.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opmcod32.exeC:\Windows\system32\Opmcod32.exe80⤵
-
C:\Windows\SysWOW64\Oggllnkl.exeC:\Windows\system32\Oggllnkl.exe81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pdklebje.exeC:\Windows\system32\Pdklebje.exe82⤵
-
C:\Windows\SysWOW64\Pgihanii.exeC:\Windows\system32\Pgihanii.exe83⤵
-
C:\Windows\SysWOW64\Pncanhaf.exeC:\Windows\system32\Pncanhaf.exe84⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gklnem32.exeC:\Windows\system32\Gklnem32.exe85⤵
-
C:\Windows\SysWOW64\Ghbkdald.exeC:\Windows\system32\Ghbkdald.exe86⤵
-
C:\Windows\SysWOW64\Gaoihfoo.exeC:\Windows\system32\Gaoihfoo.exe87⤵
-
C:\Windows\SysWOW64\Hifaic32.exeC:\Windows\system32\Hifaic32.exe88⤵
-
C:\Windows\SysWOW64\Hleneo32.exeC:\Windows\system32\Hleneo32.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hiinoc32.exeC:\Windows\system32\Hiinoc32.exe90⤵
-
C:\Windows\SysWOW64\Ikcmmjkb.exeC:\Windows\system32\Ikcmmjkb.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Icjengld.exeC:\Windows\system32\Icjengld.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ihgnfnjl.exeC:\Windows\system32\Ihgnfnjl.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ioafchai.exeC:\Windows\system32\Ioafchai.exe94⤵
-
C:\Windows\SysWOW64\Ijgjpaao.exeC:\Windows\system32\Ijgjpaao.exe95⤵
-
C:\Windows\SysWOW64\Icooig32.exeC:\Windows\system32\Icooig32.exe96⤵
-
C:\Windows\SysWOW64\Ihlgan32.exeC:\Windows\system32\Ihlgan32.exe97⤵
-
C:\Windows\SysWOW64\Iofpnhmc.exeC:\Windows\system32\Iofpnhmc.exe98⤵
-
C:\Windows\SysWOW64\Ijkdkq32.exeC:\Windows\system32\Ijkdkq32.exe99⤵
-
C:\Windows\SysWOW64\Icdhdfcj.exeC:\Windows\system32\Icdhdfcj.exe100⤵
-
C:\Windows\SysWOW64\Jfbdpabn.exeC:\Windows\system32\Jfbdpabn.exe101⤵
-
C:\Windows\SysWOW64\Jokiig32.exeC:\Windows\system32\Jokiig32.exe102⤵
-
C:\Windows\SysWOW64\Jjpmfpid.exeC:\Windows\system32\Jjpmfpid.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jloibkhh.exeC:\Windows\system32\Jloibkhh.exe104⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jfgnka32.exeC:\Windows\system32\Jfgnka32.exe105⤵
-
C:\Windows\SysWOW64\Jlafhkfe.exeC:\Windows\system32\Jlafhkfe.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcmkjeko.exeC:\Windows\system32\Jcmkjeko.exe107⤵
-
C:\Windows\SysWOW64\Jhjcbljf.exeC:\Windows\system32\Jhjcbljf.exe108⤵
-
C:\Windows\SysWOW64\Kcphpdil.exeC:\Windows\system32\Kcphpdil.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kfndlphp.exeC:\Windows\system32\Kfndlphp.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmhlijpm.exeC:\Windows\system32\Kmhlijpm.exe111⤵
-
C:\Windows\SysWOW64\Kcbded32.exeC:\Windows\system32\Kcbded32.exe112⤵
-
C:\Windows\SysWOW64\Kjlmbnof.exeC:\Windows\system32\Kjlmbnof.exe113⤵
-
C:\Windows\SysWOW64\Kkmijf32.exeC:\Windows\system32\Kkmijf32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kmmedi32.exeC:\Windows\system32\Kmmedi32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kokbpe32.exeC:\Windows\system32\Kokbpe32.exe116⤵
-
C:\Windows\SysWOW64\Lbqdmodg.exeC:\Windows\system32\Lbqdmodg.exe117⤵
-
C:\Windows\SysWOW64\Lijlii32.exeC:\Windows\system32\Lijlii32.exe118⤵
-
C:\Windows\SysWOW64\Lfnmcnjn.exeC:\Windows\system32\Lfnmcnjn.exe119⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Limioiia.exeC:\Windows\system32\Limioiia.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lfqjhmhk.exeC:\Windows\system32\Lfqjhmhk.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-