Analysis
-
max time kernel
144s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
21-10-2023 21:12
General
-
Target
NEAS.079cacbaa68d0a795e25edcea3a55f80.exe
-
Size
76KB
-
MD5
079cacbaa68d0a795e25edcea3a55f80
-
SHA1
07244ba840907e03a54c6b65a6658cc2b39937b4
-
SHA256
4db3ea89fb5802355b3f98ba8a46ccdf16e8479949f273dc20e84b20cf2d9ee7
-
SHA512
6eb3d98b4d2d3db5daea4d9b4178c3b52df2b9345274c1907a5919e04cf94901a8d86f51f778bd9724265d4b1077a8f91d6ea21ece01285abf95f162d93056b8
-
SSDEEP
384:vbLwOs8AHsc4sMfwhKQLroP4/CFsrdOI1Nb7g7FX7XYfruVDtM9tQ/FKlnVwU1:vvw9816vhKQLroP4/wQRNrfrunMxVD
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.079cacbaa68d0a795e25edcea3a55f80.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.079cacbaa68d0a795e25edcea3a55f80.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{07A29BD7-635F-47a9-BF0A-27A1CC34BB4A}.exeC:\Windows\{07A29BD7-635F-47a9-BF0A-27A1CC34BB4A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB4DDE49-1CF4-408b-B3B4-66685410A3A8}.exeC:\Windows\{FB4DDE49-1CF4-408b-B3B4-66685410A3A8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{227E57D7-CDED-4f9e-8F99-2C46A7468B9F}.exeC:\Windows\{227E57D7-CDED-4f9e-8F99-2C46A7468B9F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{20CF970F-FA7E-42a2-9A78-82B3D22864CD}.exeC:\Windows\{20CF970F-FA7E-42a2-9A78-82B3D22864CD}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{36D8224E-E13C-483f-B60F-52876846B12A}.exeC:\Windows\{36D8224E-E13C-483f-B60F-52876846B12A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{88E186E4-E143-4826-9FF6-BEE502595DC2}.exeC:\Windows\{88E186E4-E143-4826-9FF6-BEE502595DC2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A85D3CD4-A342-4c73-91E3-558135F22867}.exeC:\Windows\{A85D3CD4-A342-4c73-91E3-558135F22867}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F0062E3E-A7D9-4fd7-A037-13B758F469A3}.exeC:\Windows\{F0062E3E-A7D9-4fd7-A037-13B758F469A3}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{65F83B66-3205-4ba5-AD9E-53BE751FDDC9}.exeC:\Windows\{65F83B66-3205-4ba5-AD9E-53BE751FDDC9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{18781AAA-21FA-4e05-BAED-682384997D44}.exeC:\Windows\{18781AAA-21FA-4e05-BAED-682384997D44}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5A789D84-C5B9-4bb4-81A8-51BDD1FFDF8F}.exeC:\Windows\{5A789D84-C5B9-4bb4-81A8-51BDD1FFDF8F}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18781~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{65F83~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F0062~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A85D3~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88E18~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{36D82~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20CF9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{227E5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB4DD~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{07A29~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\NEAS07~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76KB
MD5d6f541f20cf91401250040809e6531a5
SHA1b4bf57a090bbe4ee5ec96367ea338ff5a36e0780
SHA2560dfac793be520dedc9a102fdecdf4e61edc4ebb2c7b3c64fdd765e79c785e61b
SHA512ec40e366a0e8c074164302d01e93a807d8b930e7d3b93b1d58bf1303b06fd36dff8ef12ddbfdbb3370f710b765178c385646449aca2ba0163e79c9f984be2827
-
Filesize
76KB
MD5d6f541f20cf91401250040809e6531a5
SHA1b4bf57a090bbe4ee5ec96367ea338ff5a36e0780
SHA2560dfac793be520dedc9a102fdecdf4e61edc4ebb2c7b3c64fdd765e79c785e61b
SHA512ec40e366a0e8c074164302d01e93a807d8b930e7d3b93b1d58bf1303b06fd36dff8ef12ddbfdbb3370f710b765178c385646449aca2ba0163e79c9f984be2827
-
Filesize
76KB
MD5d6f541f20cf91401250040809e6531a5
SHA1b4bf57a090bbe4ee5ec96367ea338ff5a36e0780
SHA2560dfac793be520dedc9a102fdecdf4e61edc4ebb2c7b3c64fdd765e79c785e61b
SHA512ec40e366a0e8c074164302d01e93a807d8b930e7d3b93b1d58bf1303b06fd36dff8ef12ddbfdbb3370f710b765178c385646449aca2ba0163e79c9f984be2827
-
Filesize
76KB
MD5f94592d18e00d4ffab250b2d8b8afd7f
SHA1a1a9bb093d7f25fd9274359946bdcf09d8ee3fdc
SHA2563616582ffe5ec207a3e8c4a3c3fe7a6f5b7ae7d76dea07a5722d3bb5e4f0197e
SHA5120aa1fef3631af4d965877178fc9daf7d0fd834e18172ed893abe6fdfdafeee6fea2e5047ff18a2e6bc86f0d2d2926c6e88a5f309d484e278af05bdc344f4d95d
-
Filesize
76KB
MD5f94592d18e00d4ffab250b2d8b8afd7f
SHA1a1a9bb093d7f25fd9274359946bdcf09d8ee3fdc
SHA2563616582ffe5ec207a3e8c4a3c3fe7a6f5b7ae7d76dea07a5722d3bb5e4f0197e
SHA5120aa1fef3631af4d965877178fc9daf7d0fd834e18172ed893abe6fdfdafeee6fea2e5047ff18a2e6bc86f0d2d2926c6e88a5f309d484e278af05bdc344f4d95d
-
Filesize
76KB
MD536ef1d51d8e10fa591be33a5f8079e58
SHA1a88dd5cd65bf4cd76c7daaa5c4ba73c608540124
SHA256dc71ea55cecb93a251e42e5e27094a6536d9759e14f55621ec72d760fbdcf425
SHA512f2725df9b7335a2150acad83d10795757eecee794673ecc8e4157ccbdab5a116e647a13bcd81efd1beaf9369ef993aabaaf2837f12e7746c464e9d949dfba28f
-
Filesize
76KB
MD536ef1d51d8e10fa591be33a5f8079e58
SHA1a88dd5cd65bf4cd76c7daaa5c4ba73c608540124
SHA256dc71ea55cecb93a251e42e5e27094a6536d9759e14f55621ec72d760fbdcf425
SHA512f2725df9b7335a2150acad83d10795757eecee794673ecc8e4157ccbdab5a116e647a13bcd81efd1beaf9369ef993aabaaf2837f12e7746c464e9d949dfba28f
-
Filesize
76KB
MD54a6546dc5e845690fd52c491d96a26b7
SHA17be5b47c86c32f7dc51fd977297dbdb279f68236
SHA2568b42624f3c0c2801efec466e92bac28663abaea0cdbde986981916ac683c20c2
SHA5126db87f1b5c5e3b3be13c102ceb9a10f8e70d7442942dbdabe49522cf144255b30eb64e7b12a779efb474eef7c46ec470cb145a80c390b62d81ac8746dc2e7388
-
Filesize
76KB
MD54a6546dc5e845690fd52c491d96a26b7
SHA17be5b47c86c32f7dc51fd977297dbdb279f68236
SHA2568b42624f3c0c2801efec466e92bac28663abaea0cdbde986981916ac683c20c2
SHA5126db87f1b5c5e3b3be13c102ceb9a10f8e70d7442942dbdabe49522cf144255b30eb64e7b12a779efb474eef7c46ec470cb145a80c390b62d81ac8746dc2e7388
-
Filesize
76KB
MD513e6e772f368ff8289ab0353eeba4cd4
SHA1520f3954fc07a2c54899c60f6a30b3d2d8559992
SHA25636738c528bb2e12a2d200ff0a49c0cfd66a84b04ea3bb5293cf8a0a8d9c86901
SHA5124836ec941ced0b72974b20705db14c39770c0367986be54c989d1976f43d5edb26a81cf417f70d2c77a7a73a016b374883ead7a34bfe88d7beb43e4f5d90395f
-
Filesize
76KB
MD513e6e772f368ff8289ab0353eeba4cd4
SHA1520f3954fc07a2c54899c60f6a30b3d2d8559992
SHA25636738c528bb2e12a2d200ff0a49c0cfd66a84b04ea3bb5293cf8a0a8d9c86901
SHA5124836ec941ced0b72974b20705db14c39770c0367986be54c989d1976f43d5edb26a81cf417f70d2c77a7a73a016b374883ead7a34bfe88d7beb43e4f5d90395f
-
Filesize
76KB
MD591bf0a3db4b91d215a2f70fd9c735406
SHA1498b5a3cdb5abbcdcdfd044f9f611709f1c66135
SHA256c0bbed5fb8478337fc233076cf423bda73229e0f71c7b4798b731c901e111f29
SHA512324059042ed43f6e2ef9809d5b8a088b3188b51ef3c981e02a8d7a6d23889e9a1fdb43e035fa6dcccc0eaff6c58f4525d12e2ab45f8de12c8744eaec98fa4b52
-
Filesize
76KB
MD5d92c6705303a4fafe5c5a22daef12be7
SHA1d3787a095344be6e869ede5283a6277fea95e962
SHA25604a5817101322bc493c43830a9b2b0b1e36e6506b4658fc204ca81d00934fc5b
SHA512e67cfb26ddecb806b4098a49b2d58c60b4b6f40aed2870374cc1c898a4d7d2d349d255acb03036227daaa2cb32f7491664c6c43ee38ca2646fa4564c6bc338df
-
Filesize
76KB
MD5d92c6705303a4fafe5c5a22daef12be7
SHA1d3787a095344be6e869ede5283a6277fea95e962
SHA25604a5817101322bc493c43830a9b2b0b1e36e6506b4658fc204ca81d00934fc5b
SHA512e67cfb26ddecb806b4098a49b2d58c60b4b6f40aed2870374cc1c898a4d7d2d349d255acb03036227daaa2cb32f7491664c6c43ee38ca2646fa4564c6bc338df
-
Filesize
76KB
MD54279d8d3bb9e720b440bd0522e2f2c66
SHA1741d279a2b83d7eeb6b13297174ce36fe617592b
SHA2566546ec2de7df6c9ffcf01462eed2ea5f9f8d9a4d578c5fc45c5e85b9dcb2ec74
SHA512d515cd51031674f567efa50de9fa6c235fd68765211c704dd95244c073d222deef81ba5737e6a822a9c37fc0ead311529b1937e30596240e15d7fa5f545ceb3a
-
Filesize
76KB
MD54279d8d3bb9e720b440bd0522e2f2c66
SHA1741d279a2b83d7eeb6b13297174ce36fe617592b
SHA2566546ec2de7df6c9ffcf01462eed2ea5f9f8d9a4d578c5fc45c5e85b9dcb2ec74
SHA512d515cd51031674f567efa50de9fa6c235fd68765211c704dd95244c073d222deef81ba5737e6a822a9c37fc0ead311529b1937e30596240e15d7fa5f545ceb3a
-
Filesize
76KB
MD57d5862f9d1a211b76a41b1a3db03e392
SHA15a1be9038d1c706e17f4d9e619bba1f00f027757
SHA256822ff3e322825aac231be36071f34317b49ce9c5007760b15fa9881439a71f7e
SHA5127970625a066d839ed30714a065b9213da998409a7b9f56fa6f4b7a55c5c1c95cc6cd860b807d78e76575e4d68a2904e7a08ee9298bfb494aae0d8f2c1eabcd55
-
Filesize
76KB
MD57d5862f9d1a211b76a41b1a3db03e392
SHA15a1be9038d1c706e17f4d9e619bba1f00f027757
SHA256822ff3e322825aac231be36071f34317b49ce9c5007760b15fa9881439a71f7e
SHA5127970625a066d839ed30714a065b9213da998409a7b9f56fa6f4b7a55c5c1c95cc6cd860b807d78e76575e4d68a2904e7a08ee9298bfb494aae0d8f2c1eabcd55
-
Filesize
76KB
MD553add9974cb6d9c4fc99345d546c3744
SHA1b02790291c68dfc68da218923448a16428945a74
SHA2561b0979c89ce1b4a9ec13bc7adfbcd87d2d29a93bd615e77c5ef0d1f24ebb9a38
SHA5124c14a4ccbdf83cce6fc6dd7f7581fdc65301b1f2a5cce4f927d7ca4bd69ef96713e2997c746c6756798ad6a1e1283a569abd0db9114f6a13fac1ac62b8cf7abb
-
Filesize
76KB
MD553add9974cb6d9c4fc99345d546c3744
SHA1b02790291c68dfc68da218923448a16428945a74
SHA2561b0979c89ce1b4a9ec13bc7adfbcd87d2d29a93bd615e77c5ef0d1f24ebb9a38
SHA5124c14a4ccbdf83cce6fc6dd7f7581fdc65301b1f2a5cce4f927d7ca4bd69ef96713e2997c746c6756798ad6a1e1283a569abd0db9114f6a13fac1ac62b8cf7abb
-
Filesize
76KB
MD511443ebea14db0528d057690b93b605c
SHA1cb3f6331d5d5270747e8dbf76000bc13619086ef
SHA2569e72d04a2a64b33b6fbf0c36f093238ed1cc949ed7364a39959cd51410063811
SHA512b1bca0c7a6dd749f5bd0abaf634b4ddccaf9f483818aaca31547f5c5ce2978f489a7bc59c51d7a35b60f36d25c22e8e2aec6e0278f4928781002afc755b1b785
-
Filesize
76KB
MD511443ebea14db0528d057690b93b605c
SHA1cb3f6331d5d5270747e8dbf76000bc13619086ef
SHA2569e72d04a2a64b33b6fbf0c36f093238ed1cc949ed7364a39959cd51410063811
SHA512b1bca0c7a6dd749f5bd0abaf634b4ddccaf9f483818aaca31547f5c5ce2978f489a7bc59c51d7a35b60f36d25c22e8e2aec6e0278f4928781002afc755b1b785