f529f531d30e52dd5ed0f4a96c70b8c36ce4a1475b09f4a4689f1dfb0c97753a

Analysis

max time kernel
83s
max time network
31s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Size

72KB
MD5

270c2ae1b8ddda9154c0f48d8feafef0
SHA1

cca2ec47e6a5147357c09baf26dec63ca5719f3b
SHA256

f529f531d30e52dd5ed0f4a96c70b8c36ce4a1475b09f4a4689f1dfb0c97753a
SHA512

508476fd494f233fe5b49aa8293502a28a1a7938ea21632af19687717afaff63f1546e3a453eaa0c20fd9f9d0c3f3acd58a50de52956956bbe6cf4eb8eccf027
SSDEEP

768:PTksTn76p/x5qqVYyElhT5wMk0I9uY+caAZ18FZW7nsFqG7bnn:PTksg/x5qq3Mk0Kys18FG2

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\Programmable	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\LocalServer32	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\TypeLib	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\VERSION\ = "1.0"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TrakNetwork.RAS\Clsid\ = "{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ = "RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\ = "TrakNetwork.RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\ProgID\ = "TrakNetwork.RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\0	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\0\win32	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\FLAGS	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\HELPDIR	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ = "_RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib\ = "{D49D39A7-DAC6-471C-AF27-3FD4470750BB}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\ProgID	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TrakNetwork.RAS\ = "TrakNetwork.RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\FLAGS\ = "0"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib\Version = "1.0"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid32	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TrakNetwork.RAS\Clsid	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}\1.0\ = "SocialTech Inc. - TrakNetwork"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ProxyStubClsid32	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib\ = "{D49D39A7-DAC6-471C-AF27-3FD4470750BB}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib\Version = "1.0"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\TypeLib\ = "{D49D39A7-DAC6-471C-AF27-3FD4470750BB}"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\VERSION	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TrakNetwork.RAS	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\ = "_RAS"	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}\TypeLib	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BBB5F93-04AB-46B6-B6F3-C244B08ADB04}\Implemented Categories	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{D49D39A7-DAC6-471C-AF27-3FD4470750BB}	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12438703-41E9-43B1-A577-2C3753BB4920}	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2712	NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.270c2ae1b8ddda9154c0f48d8feafef0.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2712

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads