05b1d98ac6c2b7e4137117e436a625ca890b662c486ae1a0a4dfa5534fc9a081

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 20:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d02d2b6bdfd5b92abcb4b94e9b1e14c0.exe
Size

199KB
MD5

d02d2b6bdfd5b92abcb4b94e9b1e14c0
SHA1

4acd7f2ce611c7d38d0bc5bcd474438aa3855e92
SHA256

05b1d98ac6c2b7e4137117e436a625ca890b662c486ae1a0a4dfa5534fc9a081
SHA512

7fddbdd0f098ef75803da4af86de8c52c7995d0ec82dfcbede3c0d3d6f053cd25abb27fa61cc8e6e96d226e186bd76fcc5d12b7d179a7ca14d059f0710ac6a38
SSDEEP

3072:gwnvjgmOlcIcka0lktlDjSTrcsNHGlt0qzbgCNYydJATCBKaypGQUKHgsIw:lnvjomP/kk7+X+SSuydvKbKKHgs9

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2600	suvkbwn.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\suvkbwn.exe	NEAS.d02d2b6bdfd5b92abcb4b94e9b1e14c0.exe
File created	C:\PROGRA~3\Mozilla\wfwcssm.dll	suvkbwn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2600	2844	taskeng.exe	29
PID 2844 wrote to memory of 2600	2844	taskeng.exe	29
PID 2844 wrote to memory of 2600	2844	taskeng.exe	29
PID 2844 wrote to memory of 2600	2844	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.d02d2b6bdfd5b92abcb4b94e9b1e14c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d02d2b6bdfd5b92abcb4b94e9b1e14c0.exe"
1⤵
- Drops file in Program Files directory
PID:2152

C:\Windows\system32\taskeng.exe
taskeng.exe {F18B92B6-C6EB-44B9-88DE-4C99E147CF7F} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\PROGRA~3\Mozilla\suvkbwn.exe
  C:\PROGRA~3\Mozilla\suvkbwn.exe -tlhykym
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suvkbwn.exe

Filesize
199KB

MD5
39f4805a291858f1e92dd2ce929fff77

SHA1
15774f7321dd1d852754853a07eb597858614c78

SHA256
79d91e49674fb6a8c6bb54d6bc5589581663a52566d87f220fe833ed717463a5

SHA512
246389a20fb18bf9d31d4bf99b5c389ca931c8934d96197aaea1bc9221aa1dabe4b4b8ccb7f7badf5c63b6476670978fabd6b485f768c78601c12171f127f38b

Download Submit
C:\PROGRA~3\Mozilla\suvkbwn.exe

Filesize
199KB

MD5
39f4805a291858f1e92dd2ce929fff77

SHA1
15774f7321dd1d852754853a07eb597858614c78

SHA256
79d91e49674fb6a8c6bb54d6bc5589581663a52566d87f220fe833ed717463a5

SHA512
246389a20fb18bf9d31d4bf99b5c389ca931c8934d96197aaea1bc9221aa1dabe4b4b8ccb7f7badf5c63b6476670978fabd6b485f768c78601c12171f127f38b

Download Submit
memory/2152-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2152-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2152-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2152-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2152-7-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2600-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2600-10-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2600-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2600-16-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download