04cc54fe52fa7fe653e67534ddccff441a9a1be1ac98c7b63f168d99fdf9acb1

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
Size

5.0MB
MD5

3dfe4ab7b8deb0994fbbbfcc19548ad0
SHA1

81d1d814c529e5612ff8996189c049676a61f845
SHA256

04cc54fe52fa7fe653e67534ddccff441a9a1be1ac98c7b63f168d99fdf9acb1
SHA512

0b489a504d6c1cd970c0f7ea602fcdaa6bec864d15e22062554dcac788fafe0e58f8305d07b65f92f3e59ca576fd0a7efbe25df10418cbd01949f6b2a6d19262
SSDEEP

98304:dpEo+TETmVwja91BdBpWv7qO0roo1pCOyzdA7nXRIQb3CuVs18sTwaVBx:ddih6a9dnWvGOaHs5eRIQfel

Score

1^/10

Malware Config

Signatures

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\WOW6432Node\CLSID\{A3358E75-826A3-31A5-2C1E-14A484D53571}	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\WOW6432Node\CLSID\{A3358E75-826A3-31A5-2C1E-14A484D53571}\33ED9CC4\2 = "150167025095041137104082203093181116174182019114"	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\WOW6432Node\CLSID\{A3358E75-826A3-31A5-2C1E-14A484D53571}\33ED9CC4	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\WOW6432Node	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\WOW6432Node\CLSID	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2708	NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3dfe4ab7b8deb0994fbbbfcc19548ad0_JC.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2708-0-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-7-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-5-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-9-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-12-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-13-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/2708-14-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/2708-15-0x0000000074F10000-0x00000000754C1000-memory.dmp

Filesize
5.7MB

Download
memory/2708-16-0x0000000074F10000-0x00000000754C1000-memory.dmp

Filesize
5.7MB

Download
memory/2708-17-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-18-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-19-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-20-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-21-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-22-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-23-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-24-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-25-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-26-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-27-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-28-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-29-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-31-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-32-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-30-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-33-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-34-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-35-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-36-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-37-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-38-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-39-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-41-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/2708-40-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-42-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-43-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-44-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-45-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-46-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-47-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-48-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-49-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-51-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/2708-50-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-53-0x0000000074F10000-0x00000000754C1000-memory.dmp

Filesize
5.7MB

Download
memory/2708-52-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-54-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-55-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-56-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-57-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-58-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-60-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-59-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-61-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-62-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-64-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download
memory/2708-63-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-65-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-66-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-67-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-68-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-69-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-70-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-71-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-72-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-73-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-74-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-76-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-77-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-78-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-79-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-80-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-75-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-81-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-83-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-82-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-84-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-85-0x00000000018B0000-0x0000000001DD8000-memory.dmp

Filesize
5.2MB

Download
memory/2708-1577-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download
memory/2708-1579-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download
memory/2708-1580-0x0000000076860000-0x0000000076950000-memory.dmp

Filesize
960KB

Download
memory/2708-1581-0x0000000074F10000-0x00000000754C1000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads