9045f225574c183a231f07478f274c4595e923364e6bc16c3a938e694449c7c9

Analysis

max time kernel
151s
max time network
144s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
Size

6.7MB
MD5

7bebd8cb62188ff993fd32e5f6c1d970
SHA1

3c4db4dd8eaba1601c253dcc4f7de8524dafbbcb
SHA256

9045f225574c183a231f07478f274c4595e923364e6bc16c3a938e694449c7c9
SHA512

05a4b8f7ed2effb7e0c3cbfda75673f9f748090480ae6c68d7bbf425ce75ea57b1b001c555250180bd425e93a0a8aaf9ca8c58956973b0cdaa86094d98ee2f24
SSDEEP

196608:Ub3bPk5HyC8k5h/wDdEoNiV4I/WWwA7mIb1z8w:Ub3bPk5HPhJCIb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1640-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/1640-2-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000100000000ea75-6.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\AtBroker.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\cipher.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\taskmgr.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\fontview.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\gpresult.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\instnm.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\subst.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\xpsrchvw.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\compact.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\net1.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\sdiagnhost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\comp.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\eudcedit.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\extrac32.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\certreq.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\ocsetup.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\whoami.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\grpconv.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\mountvol.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\svchost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\userinit.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\cscript.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\sdchange.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\tasklist.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\wextract.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\mobsync.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\xcopy.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\cmstp.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\dllhost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\netsh.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\nslookup.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\WPDShextAutoplay.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\cacls.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\fixmapi.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\SysWOW64\runonce.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3\LogonUI.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_a82ee2a7319fa8f8\ipconfig.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.1.7600.16385_none_b444164f1eecd3f2\cacls.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_a5a135380060b978\aspnet_compiler.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_d26a33ec18cb49c4\conhost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpremove.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\driverquery.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\ehome\mcGlidHost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisrstas.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86\iscsicli.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\ehome\ehexthost.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\ehome\mcspad.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-choice_31bf3856ad364e35_6.1.7601.17514_none_218cf07ba262766c\choice.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.1.7601.17514_none_0db5e5844ed6ffe9\CISVC.EXE	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\HelpPane.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2\DeviceDisplayObjectProvider.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_11.2.9600.16428_none_e410f56f6c4ee930\ConfigureIEOptionalComponents.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-irftp_31bf3856ad364e35_6.1.7600.16385_none_b2af329397f29f60\irftp.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7600.16385_none_a044d905576812d4\odbcad32.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSUNATD.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5\AdapterTroubleshooter.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eventcollector_31bf3856ad364e35_6.1.7600.16385_none_5702948e8e63fc30\wecutil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_6.1.7600.16385_none_e47ee9c51ad9df17\ktmutil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.1.7601.17514_none_d71fb1d63f05ef22\WFS.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_6.1.7600.16385_none_8945930a7d61b9f0\MigRegDB.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_6a5b38699f97e38d\imjppdmg.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appidpolicyconverter.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7600.16385_none_28590620099da2d8\fsutil.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.1.7600.16385_none_8fbb77bb3cd808d1\pcalua.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3\Defrag.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_5cbb962a4f0d58c1\comp.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802\icacls.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe	NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7bebd8cb62188ff993fd32e5f6c1d970.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Filesize
6.7MB

MD5
5acddd357a1bef4e350ed0e84c436707

SHA1
19a43a66fb79358d5d50d5837ee30788cdfd8f05

SHA256
f3de664cfd52df2fc07bfc4cb6009fa1b98b6fe5720f7ef49c5682b4ea0102ad

SHA512
46cea5cb12f9267721553bf9e8ae715e58dd1a9d64758881a13e6213f5c8b3f47c936cee06d11b1b713cdf4c61906955600a11994b21fa7e52040e3684b4620d

Download Submit
memory/1640-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1640-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads