1c72ad50cb09a54400a7bc53b6a01a7db32666ddc709dfd125ff5384339ff9d5

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 13:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9f91d5f512ed1ddfbf31ae2877ec9800_JC.exe
Size

365KB
MD5

9f91d5f512ed1ddfbf31ae2877ec9800
SHA1

23ee0c0f779bc237fcf0acd83ff1349724b9d786
SHA256

1c72ad50cb09a54400a7bc53b6a01a7db32666ddc709dfd125ff5384339ff9d5
SHA512

e5729a7b96b2177c2b46eca9aeae63a14b0b4bf084e2f1b2099d644de5e8f0089318d3316f4b334147b2336ac4e709edb52c398475951822e99869d00ae9c866
SSDEEP

3072:R4wsgTsDAJJRjONJQcwAOwzy8f1StC4SZmGTLFZhh2D+0caj3kyRACE2ux:R4wNJJOJflpd46ZLn9ozE2ux

Score

8^/10

persistence upx

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4448	axfniqh.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/460-0-0x0000000000400000-0x000000000045F000-memory.dmp	upx
behavioral2/files/0x0009000000022cd0-6.dat	upx
behavioral2/files/0x0009000000022cd0-8.dat	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\axfniqh.exe	NEAS.9f91d5f512ed1ddfbf31ae2877ec9800_JC.exe
File created	C:\PROGRA~3\Mozilla\bqqaoam.dll	axfniqh.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.9f91d5f512ed1ddfbf31ae2877ec9800_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9f91d5f512ed1ddfbf31ae2877ec9800_JC.exe"
1⤵
- Drops file in Program Files directory
PID:460

C:\PROGRA~3\Mozilla\axfniqh.exe
C:\PROGRA~3\Mozilla\axfniqh.exe -pdtylqd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\axfniqh.exe

Filesize
365KB

MD5
54ae98accb96dd39ddc13bb8430ed3e6

SHA1
8d5944b5945b77da93a09be38774ec17749f0e0c

SHA256
412be2b4fdb4992997c48ac606e2a4e5cb526301c399eed1a41ffbba9de9a9a5

SHA512
e65d0fd45a51ce0183e5f067c77d77a77d7859e646dcb3a8b5094432d35df37947bb4b5bf8c626976cdaa22309c5515a95175bc86bb277ca07ae4dc0113278e7

Download Submit
C:\ProgramData\Mozilla\axfniqh.exe

Filesize
365KB

MD5
54ae98accb96dd39ddc13bb8430ed3e6

SHA1
8d5944b5945b77da93a09be38774ec17749f0e0c

SHA256
412be2b4fdb4992997c48ac606e2a4e5cb526301c399eed1a41ffbba9de9a9a5

SHA512
e65d0fd45a51ce0183e5f067c77d77a77d7859e646dcb3a8b5094432d35df37947bb4b5bf8c626976cdaa22309c5515a95175bc86bb277ca07ae4dc0113278e7

Download Submit
memory/460-4-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/460-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/460-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/460-7-0x00000000020B0000-0x000000000210B000-memory.dmp

Filesize
364KB

Download
memory/460-1-0x00000000020B0000-0x000000000210B000-memory.dmp

Filesize
364KB

Download
memory/460-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4448-11-0x0000000000D90000-0x0000000000DEB000-memory.dmp

Filesize
364KB

Download
memory/4448-12-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4448-13-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4448-15-0x0000000000D90000-0x0000000000DEB000-memory.dmp

Filesize
364KB

Download
memory/4448-16-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4448-18-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download