28ec520ce7dbb81ae7e67c3ed366529b2b257a0f35bbf8b1758e8d150ed6fcfb

Analysis

max time kernel
151s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
Size

6.9MB
MD5

cec53d4095bec3ab42cfb5e76d4e7700
SHA1

a9382405a266a005c8959d213fde7228d79d864f
SHA256

28ec520ce7dbb81ae7e67c3ed366529b2b257a0f35bbf8b1758e8d150ed6fcfb
SHA512

b8a1af6b6b87676226d0a5abd747fd8985219b5c22593aedbe81c175abc00169f69b35ff1fd1399972e0ca6805b3992ed335dc9caa395f7bb2928191df41c342
SSDEEP

196608:Ub3bPk5HyC8k5h/wDdEoNiV4I/WWwA7mIb1zRbqVVS:Ub3bPk5HPhJCIb/KS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/2816-2-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000100000000ea76-6.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\clip.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\mobsync.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\srdelayed.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\regedit.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\icacls.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\ddodiag.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\fltMC.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\poqexec.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\PushPrinterConnections.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\diskraid.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\extrac32.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\iscsicli.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\WerFault.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\cscript.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\xpsrchvw.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\winver.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\netiougc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\findstr.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\mmc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\mountvol.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\sc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\tasklist.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\wusa.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\fixmapi.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\gpupdate.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\net.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\rasphone.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\relog.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\RmClient.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\unregmp2.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\credwiz.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\mshta.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\Dism.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\print.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\taskkill.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\gpresult.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\sbunattend.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\taskeng.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\find.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\winrshost.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\perfmon.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\rundll32.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\SysWOW64\wuapp.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_50ecc9ae1d642aa9\eventvwr.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgradeui_31bf3856ad364e35_6.1.7600.16385_none_4aadf3be188c056d\WindowsAnytimeUpgradeui.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.1.7600.16385_none_38dc646bf68909f4\cmdkey.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-secinit_31bf3856ad364e35_6.1.7600.16385_none_e3ace21ee6af3fb6\secinit.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\ehome\ehtray.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-charmap_31bf3856ad364e35_6.1.7600.16385_none_4e4eaf05be0c2d8f\charmap.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_d009281f9a108e04\mshta.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.17514_none_78875ce737927d27\sppsvc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisrstas.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a\newdev.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runonce_31bf3856ad364e35_6.1.7601.17514_none_73e0da0bd5a77c41\runonce.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..boxgames-backgammon_31bf3856ad364e35_6.1.7600.16385_none_668d031845881638\bckgzm.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.1.7600.16385_none_1c98ed5d08db04ce\Mahjong.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\ehome\wow\ehexthost32.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065\nfsclnt.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmEngine.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.1.7600.16385_none_5a9496fc0f35b80b\DWWIN.EXE	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFaultSecure.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628\gpupdate.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmUi.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7600.16385_none_06b1c513739fb828\osk.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_0c19cef0ed2a642e\setup_wm.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_63dee2821fc69fce\bridgeunattend.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\diskperf.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\ehome\Mcx2Prov.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_d2b1c721321aadf8\conhost.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_6.1.7600.16385_none_e47ee9c51ad9df17\ktmutil.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_6.1.7600.16385_none_7861b83567d966e6\ksetup.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01\BrmfRsmg.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.1.7601.17514_none_0db5e5844ed6ffe9\CISVC.EXE	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6\logagent.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudc-settings_31bf3856ad364e35_6.1.7601.17514_none_b84dc938eed78546\eudcsettings.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\print.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_6.1.7600.16385_none_fa057619380ff901\nbtstat.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.1.7600.16385_none_459ccaf008ff34f6\mtstocom.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\driverquery.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_dea50217efd0356b\msfeedssync.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\ehome\ehmsas.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\servicing\GC64\tzupd.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.1.7600.16385_none_8fbb77bb3cd808d1\pcalua.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.1.7600.16385_none_b444164f1eecd3f2\cacls.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe	NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cec53d4095bec3ab42cfb5e76d4e7700.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Filesize
7.0MB

MD5
185c851e742cd8a53f3e884e8a1bc59e

SHA1
ef9e9ad0413268621071da2d5d9e6da7cc7b613f

SHA256
cb85b5d5e26b88810bcc31e2f9094df2911ac09866b27a6eb86bbf76cfce8654

SHA512
c29bb069a7221ebb3b8cf04e58cb37bdc5b11b4df91ea27a13fb601d9b066e3a7b3b4e9e946d70bd25f3fdff51d2460db548010a664ca9fa45988bd48772c357

Download Submit
memory/2816-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2816-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads