49e932884330de25011ed074a980936abd8181e2daf3de40a3de171d1825341f

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ccf77b21ac8b60c8ab71bfba2dc77cd0.exe
Size

112KB
MD5

ccf77b21ac8b60c8ab71bfba2dc77cd0
SHA1

af842cbec42c1399d973256f606faadc7f8c1772
SHA256

49e932884330de25011ed074a980936abd8181e2daf3de40a3de171d1825341f
SHA512

38aac6bcb141a93c592a3c47b591bc58040d2f8741064caa2b81402b2f43757ebcac8b1bb0d55e27fe0e72349f0be15e1222b3589e1c443e6f74288e97eeee4d
SSDEEP

3072:bigRqGiY/IA8wD5iZ4gKczBxGV6+UIXlaMA+uzlC1:yw/IFwDox+UGg5XzlC1

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4968	acwxofj.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\acwxofj.exe	NEAS.ccf77b21ac8b60c8ab71bfba2dc77cd0.exe
File created	C:\PROGRA~3\Mozilla\dhrleqa.dll	acwxofj.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ccf77b21ac8b60c8ab71bfba2dc77cd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ccf77b21ac8b60c8ab71bfba2dc77cd0.exe"
1⤵
- Drops file in Program Files directory
PID:1632

C:\PROGRA~3\Mozilla\acwxofj.exe
C:\PROGRA~3\Mozilla\acwxofj.exe -stamzkg
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\acwxofj.exe

Filesize
112KB

MD5
94e1ad34330df0ecc95889c00a49f788

SHA1
7e2cd7ee6e34a6aae50fb517f98e877457f8130a

SHA256
feb0a71dd091a4cb6649452d27c128e644459f8065575ce87002d86bc1a304d0

SHA512
653be83a5910ca387a55b40893527d2a220e6d240c495fcfeb6280dc90a1e8251688e2f4daff669c563b6a82b054172df55720b8ddb093f2d8e77156248d77ce

Download Submit
C:\ProgramData\Mozilla\acwxofj.exe

Filesize
112KB

MD5
94e1ad34330df0ecc95889c00a49f788

SHA1
7e2cd7ee6e34a6aae50fb517f98e877457f8130a

SHA256
feb0a71dd091a4cb6649452d27c128e644459f8065575ce87002d86bc1a304d0

SHA512
653be83a5910ca387a55b40893527d2a220e6d240c495fcfeb6280dc90a1e8251688e2f4daff669c563b6a82b054172df55720b8ddb093f2d8e77156248d77ce

Download Submit
memory/1632-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1632-1-0x0000000002180000-0x00000000021DB000-memory.dmp

Filesize
364KB

Download
memory/1632-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4968-10-0x0000000000CF0000-0x0000000000D4B000-memory.dmp

Filesize
364KB

Download
memory/4968-16-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download