55d7eb03f659188e9463b4230f080269d1402baf8b14302bcab116534c646c14

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Size

55KB
MD5

3e06d148234d34bc5993ef671ea0a470
SHA1

b6d490e69c9f3038345ecb58a20ee17300661ac7
SHA256

55d7eb03f659188e9463b4230f080269d1402baf8b14302bcab116534c646c14
SHA512

1120be904a51b97d439ffafb003b3a2a3d7e21642d1c3a487028390f43803442438413040c10fba77ad2626058a2baf62518b5298a18bb5dc662c5da380aad0a
SSDEEP

768:AbFw+UxmBmr98yj2rRHcyr2T7lOlmz7Qn0I7/yMGGbrm/Sf4TiuElvbMcpoNL4+L:Ab4R9p8H1r6Slumz3CNL4+462L2

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Pjldghjm.exe	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
File opened for modification	C:\Windows\SysWOW64\Pjldghjm.exe	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
File created	C:\Windows\SysWOW64\Lnhbfpnj.dll	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lnhbfpnj.dll"	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3e06d148234d34bc5993ef671ea0a470_JC.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-6-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2568-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2568-7-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads