54229d11369bf1b37fb4dd333d92f5e142120ad87e29e0d7a7c74047d617fb19

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.febfb1123eead488d2853a781d2874f0.exe
Size

128KB
MD5

febfb1123eead488d2853a781d2874f0
SHA1

71783d917e7c3d6ea5e2ee84713cb64f6400e20e
SHA256

54229d11369bf1b37fb4dd333d92f5e142120ad87e29e0d7a7c74047d617fb19
SHA512

b589b1c184b578a0860530e7213a29b4d27bb3e636b2a0a71af554459813ff2173e54f85be76b2e5409e5d6ce63ea7983c4f2a3f0b88d74a5a20f1477d1c90fb
SSDEEP

3072:Te41eh3m0CYa8iZjsm6HB3p36o2fR39j+85N2dx:6Ph3wYpiZjn6HbZ2Z39j5Gx

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1332	ecxnjia.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ecxnjia.exe	NEAS.febfb1123eead488d2853a781d2874f0.exe
File created	C:\PROGRA~3\Mozilla\qxogatk.dll	ecxnjia.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.febfb1123eead488d2853a781d2874f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.febfb1123eead488d2853a781d2874f0.exe"
1⤵
- Drops file in Program Files directory
PID:1556

C:\PROGRA~3\Mozilla\ecxnjia.exe
C:\PROGRA~3\Mozilla\ecxnjia.exe -goglxbn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\ecxnjia.exe

Filesize
128KB

MD5
60292ff338cb453f80f5a7d3e2596a8a

SHA1
4c8f7017af9f24d7a47f5c5a19f9671b32fd68ac

SHA256
9fdffd616a41c40e1f7b0fc3dff4baca1f451e22392bd4b77fd850dbcffe5693

SHA512
cbb669363f9b51d1538d22ac8d522e1b213d1c1d24a8a3971927f71e866250de0b7d95bba081f2831c35026e92b32d58e274dfb5ccbc2ec2dec0a0dca1cd48d7

Download Submit
C:\ProgramData\Mozilla\ecxnjia.exe

Filesize
128KB

MD5
60292ff338cb453f80f5a7d3e2596a8a

SHA1
4c8f7017af9f24d7a47f5c5a19f9671b32fd68ac

SHA256
9fdffd616a41c40e1f7b0fc3dff4baca1f451e22392bd4b77fd850dbcffe5693

SHA512
cbb669363f9b51d1538d22ac8d522e1b213d1c1d24a8a3971927f71e866250de0b7d95bba081f2831c35026e92b32d58e274dfb5ccbc2ec2dec0a0dca1cd48d7

Download Submit
memory/1332-9-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1332-11-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1332-12-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1332-16-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1556-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1556-2-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1556-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1556-3-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1556-10-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download