2e6f86793ece95d4ae61c8113dd5210f7037d51a918bed8d96b0683d1e7f6385

Analysis

max time kernel
156s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 14:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.868fdb2f6335e666a58927cc4ea77500.exe
Size

1.4MB
MD5

868fdb2f6335e666a58927cc4ea77500
SHA1

aa470efd1ee1990ce45598962178f7e7b84d3771
SHA256

2e6f86793ece95d4ae61c8113dd5210f7037d51a918bed8d96b0683d1e7f6385
SHA512

11cc3d622c3bf2f5606ed5bdd74bc88ae63b1de3b95ea05fc2ad019103f9f8c534d236bbbe0d896ce0f99f9b5f36594b85071a22ebafb09a40036f181e1a9c44
SSDEEP

24576:wVDD9T1zQNy3oPBRVzOVzO4fNUYp8Qp8IzOtN4ipKkpKvnbDow+XNuzjktZNQ3Nv:wFDm4nmHV4HJJTOg3P

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1480	3028	WerFault.exe	43

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	684	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3028	NEAS.868fdb2f6335e666a58927cc4ea77500.exe
3028	NEAS.868fdb2f6335e666a58927cc4ea77500.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.868fdb2f6335e666a58927cc4ea77500.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.868fdb2f6335e666a58927cc4ea77500.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 18224
  2⤵
  - Program crash
  PID:1480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3028 -ip 3028
1⤵
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
5KB

MD5
4c16c5a8a69d7d67b2759d384424e197

SHA1
557c703cceba92b722ff0b8dd26c5dc97ef552af

SHA256
7bfba9eec929f6381f2ce1f70686eb3f57d116d79119476710d78f2551b4561b

SHA512
a6af13c4317a3dc8f0e44d0193c70bc18728f644bc436feac9faa7f1e70bf06589410b615830ea91af7619f719112d0e15e5dce1caae023700731e49c94f5c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
322B

MD5
74ca7de394e086030cd125e6ae57e422

SHA1
87be4a03aee7fde47104f42734d41424f29d8ab5

SHA256
20a00e3346c96e06b9bc980f971bee2363e9f60cc599fa6c5ec4c3aa73b735fd

SHA512
94b72d95d623ca7e2714afaee25b0719cdeb99216d85205dbec93d6a91082c9cf41ad413b4beb3b41c62d0e1d967fdb371d5feeeb8543ceb809992ff26c7dab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
1KB

MD5
efc7515f1506059a5c2cfe2425e3d629

SHA1
431116f810446a0d1e92cac41b84de93ff7562aa

SHA256
0e22d55df607200ad2a6b2b67a0dbae0efaa7bf7f6779be662da7af79240943d

SHA512
e281a499443857cfe9b289aa7630236a9cb807aeb3388971809668c71d9cc0ba9a2fa246cc906f96fa22ab5d3cc45295a87ce9adba35ef5edb176090567007e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
1KB

MD5
69bda712f06c4eee0205be643b422e5e

SHA1
26d2018f56a7028e5cdf4b4eefcff6be3318c2b1

SHA256
c5ae28bb6443a49026ced25da44c9358bb5a0a705be9fdbd720d62d9e2b41ace

SHA512
f0f45a1ef1d12c243e482db9e8d747f68b4835e259f986f9f47454f92fea5e70cd5556eedbe9cd53b6512ae9a97b34ffdc0f461ed7ec9bda6c111ef2c2f1de87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
322B

MD5
74ca7de394e086030cd125e6ae57e422

SHA1
87be4a03aee7fde47104f42734d41424f29d8ab5

SHA256
20a00e3346c96e06b9bc980f971bee2363e9f60cc599fa6c5ec4c3aa73b735fd

SHA512
94b72d95d623ca7e2714afaee25b0719cdeb99216d85205dbec93d6a91082c9cf41ad413b4beb3b41c62d0e1d967fdb371d5feeeb8543ceb809992ff26c7dab7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads