1e6765ae61d78cd514e67b8d6b7a4ebe49dbd8ea40d7a9818d9eacbd53e0cb2c

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.88c07b3db4ac60d2980ae7b477a4e780.exe
Size

133KB
MD5

88c07b3db4ac60d2980ae7b477a4e780
SHA1

a6294486797548eeec1a3fc7055b23048f358a21
SHA256

1e6765ae61d78cd514e67b8d6b7a4ebe49dbd8ea40d7a9818d9eacbd53e0cb2c
SHA512

7e689ffa27dd214b86f4c77aa15b60483a0d8241cb92221ee66dce420f8ae038e0339fe5f441c600a21a3d319ad40319577617546b799f3b8f0102f3ecaa19fd
SSDEEP

3072:DzuS8/QUxm3M0xQsHxo5Wy7vwlsAQPUakK+2YEIIXwj/Q4l1zvHl8:DO/QUx90lSYokKPva/q

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
936	axfniqh.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\axfniqh.exe	NEAS.88c07b3db4ac60d2980ae7b477a4e780.exe
File created	C:\PROGRA~3\Mozilla\bqqaoam.dll	axfniqh.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.88c07b3db4ac60d2980ae7b477a4e780.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.88c07b3db4ac60d2980ae7b477a4e780.exe"
1⤵
- Drops file in Program Files directory
PID:5068

C:\PROGRA~3\Mozilla\axfniqh.exe
C:\PROGRA~3\Mozilla\axfniqh.exe -pdtylqd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\axfniqh.exe

Filesize
133KB

MD5
624c29ca4772714cee03e8d98b17ebff

SHA1
0361805d3a4d6f58f97a23edf601b2683cab3c98

SHA256
5e860b567ba1d9f32b8ddea0a99a3dcf5d9dad26819ad0b4370a96bdaed06195

SHA512
4dce96c60335f3e84c77b57d34c33185bab39c37774f989b1cd95f58bb9bf642bd7926f393b0f96da5687d46865d93bfeb84eb7c9f40d13f97396d1b37b3f2fc

Download Submit
C:\ProgramData\Mozilla\axfniqh.exe

Filesize
133KB

MD5
624c29ca4772714cee03e8d98b17ebff

SHA1
0361805d3a4d6f58f97a23edf601b2683cab3c98

SHA256
5e860b567ba1d9f32b8ddea0a99a3dcf5d9dad26819ad0b4370a96bdaed06195

SHA512
4dce96c60335f3e84c77b57d34c33185bab39c37774f989b1cd95f58bb9bf642bd7926f393b0f96da5687d46865d93bfeb84eb7c9f40d13f97396d1b37b3f2fc

Download Submit
memory/936-12-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/936-13-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/936-14-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/936-18-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5068-2-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/5068-1-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5068-3-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5068-6-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5068-8-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5068-11-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download