Analysis
-
max time kernel
135s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
23/10/2023, 18:07
General
-
Target
NEAS.b2e8863f565e9fd0fb566db43e9ac4d0_JC.exe
-
Size
257KB
-
MD5
b2e8863f565e9fd0fb566db43e9ac4d0
-
SHA1
20548ae84127652491c0acb650205eba180a54bf
-
SHA256
509716235af468e22cf97da9572d6b4fafb907b863acc9f8f06cfb3e9d4bd92a
-
SHA512
be4c5dc98c8a712d858f7b06f7546dcf4b52b03214f570606779d9edc3f390b41bb465c573e152e23fcaf4b7dfb5d45ffd78bf37a42817a81b0276956eccaa0d
-
SSDEEP
3072:z0HoFoptKNgnAjWQYxWB+UMDoutkTy27zh5cl:IHoFocCAWDoSkTl7zjK
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b2e8863f565e9fd0fb566db43e9ac4d0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b2e8863f565e9fd0fb566db43e9ac4d0_JC.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqdkkp32.exeC:\Windows\system32\Hqdkkp32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhfbog32.exeC:\Windows\system32\Jhfbog32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnedgq32.exeC:\Windows\system32\Jnedgq32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbgfhnhi.exeC:\Windows\system32\Kbgfhnhi.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Klbgfc32.exeC:\Windows\system32\Klbgfc32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Loemnnhe.exeC:\Windows\system32\Loemnnhe.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkcccn32.exeC:\Windows\system32\Lkcccn32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdbnmbhj.exeC:\Windows\system32\Mdbnmbhj.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nhjjip32.exeC:\Windows\system32\Nhjjip32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Okceaikl.exeC:\Windows\system32\Okceaikl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Obpkcc32.exeC:\Windows\system32\Obpkcc32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pcijce32.exeC:\Windows\system32\Pcijce32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abpcja32.exeC:\Windows\system32\Abpcja32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abcppq32.exeC:\Windows\system32\Abcppq32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bfhofnpp.exeC:\Windows\system32\Bfhofnpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdgolq32.exeC:\Windows\system32\Cdgolq32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emeffcid.exeC:\Windows\system32\Emeffcid.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eeddfe32.exeC:\Windows\system32\Eeddfe32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgkfqgce.exeC:\Windows\system32\Fgkfqgce.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnjhhpgl.exeC:\Windows\system32\Gnjhhpgl.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggicbe32.exeC:\Windows\system32\Ggicbe32.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hfefdpfe.exeC:\Windows\system32\Hfefdpfe.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhadgmge.exeC:\Windows\system32\Lhadgmge.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mdkabmjf.exeC:\Windows\system32\Mdkabmjf.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mobbdf32.exeC:\Windows\system32\Mobbdf32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moeoje32.exeC:\Windows\system32\Moeoje32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nncoaq32.exeC:\Windows\system32\Nncoaq32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ogefqeaj.exeC:\Windows\system32\Ogefqeaj.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Okcogc32.exeC:\Windows\system32\Okcogc32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Poeahaib.exeC:\Windows\system32\Poeahaib.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgcbbc32.exeC:\Windows\system32\Pgcbbc32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhekaejj.exeC:\Windows\system32\Qhekaejj.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aecbge32.exeC:\Windows\system32\Aecbge32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aokcjngj.exeC:\Windows\system32\Aokcjngj.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Becknc32.exeC:\Windows\system32\Becknc32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clbmfm32.exeC:\Windows\system32\Clbmfm32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfgace32.exeC:\Windows\system32\Cfgace32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Deokja32.exeC:\Windows\system32\Deokja32.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhpdkm32.exeC:\Windows\system32\Dhpdkm32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfqdid32.exeC:\Windows\system32\Dfqdid32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Doqbifpl.exeC:\Windows\system32\Doqbifpl.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eohhie32.exeC:\Windows\system32\Eohhie32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eedmlo32.exeC:\Windows\system32\Eedmlo32.exe45⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Epiaig32.exeC:\Windows\system32\Epiaig32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhiphi32.exeC:\Windows\system32\Fhiphi32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fofdkcmd.exeC:\Windows\system32\Fofdkcmd.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Geipnl32.exeC:\Windows\system32\Geipnl32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcdfho32.exeC:\Windows\system32\Hcdfho32.exe50⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hgbonm32.exeC:\Windows\system32\Hgbonm32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjqdafmp.exeC:\Windows\system32\Jjqdafmp.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjcqffkm.exeC:\Windows\system32\Jjcqffkm.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmdjha32.exeC:\Windows\system32\Jmdjha32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jikjmbmb.exeC:\Windows\system32\Jikjmbmb.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfaglf32.exeC:\Windows\system32\Kfaglf32.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kpilekqj.exeC:\Windows\system32\Kpilekqj.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjopbd32.exeC:\Windows\system32\Kjopbd32.exe58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Liifnp32.exeC:\Windows\system32\Liifnp32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfcmhc32.exeC:\Windows\system32\Lfcmhc32.exe60⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Laiafl32.exeC:\Windows\system32\Laiafl32.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mjfoja32.exeC:\Windows\system32\Mjfoja32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Miklkm32.exeC:\Windows\system32\Miklkm32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjkiephp.exeC:\Windows\system32\Mjkiephp.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfaijand.exeC:\Windows\system32\Nfaijand.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkpbpp32.exeC:\Windows\system32\Nkpbpp32.exe66⤵
-
C:\Windows\SysWOW64\Ndhgie32.exeC:\Windows\system32\Ndhgie32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Npadcfnl.exeC:\Windows\system32\Npadcfnl.exe68⤵
-
C:\Windows\SysWOW64\Nkghqo32.exeC:\Windows\system32\Nkghqo32.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ogpfko32.exeC:\Windows\system32\Ogpfko32.exe70⤵
-
C:\Windows\SysWOW64\Onngci32.exeC:\Windows\system32\Onngci32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oggllnkl.exeC:\Windows\system32\Oggllnkl.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Phiekaql.exeC:\Windows\system32\Phiekaql.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Phkaqqoi.exeC:\Windows\system32\Phkaqqoi.exe74⤵
-
C:\Windows\SysWOW64\Qajlje32.exeC:\Windows\system32\Qajlje32.exe75⤵
-
C:\Windows\SysWOW64\Qhddgofo.exeC:\Windows\system32\Qhddgofo.exe76⤵
-
C:\Windows\SysWOW64\Agnkck32.exeC:\Windows\system32\Agnkck32.exe77⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bqkigp32.exeC:\Windows\system32\Bqkigp32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbkeacqo.exeC:\Windows\system32\Bbkeacqo.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdnkhn32.exeC:\Windows\system32\Bdnkhn32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bilcol32.exeC:\Windows\system32\Bilcol32.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cqiehnml.exeC:\Windows\system32\Cqiehnml.exe82⤵
-
C:\Windows\SysWOW64\Cjaiac32.exeC:\Windows\system32\Cjaiac32.exe83⤵
-
C:\Windows\SysWOW64\Cegnol32.exeC:\Windows\system32\Cegnol32.exe84⤵
-
C:\Windows\SysWOW64\Cbnknpqj.exeC:\Windows\system32\Cbnknpqj.exe85⤵
-
C:\Windows\SysWOW64\Dbphcpog.exeC:\Windows\system32\Dbphcpog.exe86⤵
-
C:\Windows\SysWOW64\Dgomaf32.exeC:\Windows\system32\Dgomaf32.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dgaiffii.exeC:\Windows\system32\Dgaiffii.exe88⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dhcfleff.exeC:\Windows\system32\Dhcfleff.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ejdonq32.exeC:\Windows\system32\Ejdonq32.exe90⤵
-
C:\Windows\SysWOW64\Enbhdojn.exeC:\Windows\system32\Enbhdojn.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejiiippb.exeC:\Windows\system32\Ejiiippb.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eijigg32.exeC:\Windows\system32\Eijigg32.exe93⤵
-
C:\Windows\SysWOW64\Eaenkj32.exeC:\Windows\system32\Eaenkj32.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eoindndf.exeC:\Windows\system32\Eoindndf.exe95⤵
-
C:\Windows\SysWOW64\Folkjnbc.exeC:\Windows\system32\Folkjnbc.exe96⤵
-
C:\Windows\SysWOW64\Flpkcbqm.exeC:\Windows\system32\Flpkcbqm.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fblpflfg.exeC:\Windows\system32\Fblpflfg.exe98⤵
-
C:\Windows\SysWOW64\Focakm32.exeC:\Windows\system32\Focakm32.exe99⤵
-
C:\Windows\SysWOW64\Fkiapn32.exeC:\Windows\system32\Fkiapn32.exe100⤵
-
C:\Windows\SysWOW64\Feofmf32.exeC:\Windows\system32\Feofmf32.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbhpajlj.exeC:\Windows\system32\Gbhpajlj.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ghdhja32.exeC:\Windows\system32\Ghdhja32.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbjlgj32.exeC:\Windows\system32\Gbjlgj32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hembndee.exeC:\Windows\system32\Hembndee.exe105⤵
-
C:\Windows\SysWOW64\Ihgnfnjl.exeC:\Windows\system32\Ihgnfnjl.exe106⤵
-
C:\Windows\SysWOW64\Ieknpb32.exeC:\Windows\system32\Ieknpb32.exe107⤵
-
C:\Windows\SysWOW64\Iocchhof.exeC:\Windows\system32\Iocchhof.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jkomhhae.exeC:\Windows\system32\Jkomhhae.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lcbmlbig.exeC:\Windows\system32\Lcbmlbig.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mbjgcnll.exeC:\Windows\system32\Mbjgcnll.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mldhacpj.exeC:\Windows\system32\Mldhacpj.exe112⤵
-
C:\Windows\SysWOW64\Mlialb32.exeC:\Windows\system32\Mlialb32.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mjjbjjdd.exeC:\Windows\system32\Mjjbjjdd.exe114⤵
-
C:\Windows\SysWOW64\Ncbfcp32.exeC:\Windows\system32\Ncbfcp32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Npighq32.exeC:\Windows\system32\Npighq32.exe116⤵
-
C:\Windows\SysWOW64\Njokei32.exeC:\Windows\system32\Njokei32.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nlphmafm.exeC:\Windows\system32\Nlphmafm.exe118⤵
-
C:\Windows\SysWOW64\Nffljjfc.exeC:\Windows\system32\Nffljjfc.exe119⤵
-
C:\Windows\SysWOW64\Nifele32.exeC:\Windows\system32\Nifele32.exe120⤵
-
C:\Windows\SysWOW64\Omigmc32.exeC:\Windows\system32\Omigmc32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-