8009287300b2fb5f295c229fc6f453a06ffeaf23ca116b835dc7b0a4a8bec1e4

Analysis

max time kernel
229s
max time network
268s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Size

29KB
MD5

0f5d1169543209044c80b7f1e19c40b0
SHA1

b8266a6416bd01d87725c1268b8a414f6272e372
SHA256

8009287300b2fb5f295c229fc6f453a06ffeaf23ca116b835dc7b0a4a8bec1e4
SHA512

83110a68b23a10034818862aea281f47bbf8c3a9ee99d79ef26dca0e584f3d0273b39605d4cee3ee66432f080c549b6da19fc0626b36c30de005155acb26018b
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/o:AEwVs+0jNDY1qi/qA

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2716	services.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2640-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2640-3-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx
behavioral1/memory/2640-5-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2640-10-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx
behavioral1/files/0x00060000000120e5-11.dat	upx
behavioral1/files/0x00060000000120e5-8.dat	upx
behavioral1/memory/2716-12-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-14-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2716-22-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-29-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-34-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-41-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2716-46-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-59-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/files/0x0030000000015c9d-60.dat	upx
behavioral1/memory/2716-441-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-490-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2716-714-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-759-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2716-1008-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-1376-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2716-1849-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2640-1937-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2716-2391-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
File opened for modification	C:\Windows\java.exe	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
File created	C:\Windows\java.exe	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2716	2640	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe	27
PID 2640 wrote to memory of 2716	2640	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe	27
PID 2640 wrote to memory of 2716	2640	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe	27
PID 2640 wrote to memory of 2716	2640	NEAS.0f5d1169543209044c80b7f1e19c40b0.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.0f5d1169543209044c80b7f1e19c40b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0f5d1169543209044c80b7f1e19c40b0.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b237e31e571abfbbcf31412ca29c76e

SHA1
1a4c7fc19d7a0b2f17559cbefd8ee44f29fb7014

SHA256
8cb8eec7d7eb34df302b80c2a7712dd2393344d970a74c6a5148dc9ceed8aed6

SHA512
46f2f8fb388185aaf4425e5a6d1addbe92d4ca5384bf748dcb1df4a8682cce05e1f3d074d504d78aca576905c038f05bfa112a7c310130c828bfb3f6e5068c52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
790046e1b1ffaaa9668d91bf1b722d05

SHA1
5e82a2520d4efcd2652bbbc38b654a4f80496bf0

SHA256
7db7370a664cd2d74522fbedd154111a09af37fee3d160d48a73d7c0b4949a10

SHA512
5176e417e4d68f446a643b8d4fd520d63d202e2fb8d6b5b3cdda3a1ac14e9d8a350811f1ac843ff1d03a1fdec6f222db9b29b95b16e1ce3cee5908231ae98677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69aaea400fbcdbd565ccf057f559ba12

SHA1
10f3500bee528fd73491ca6295dc3cd1b1e53d43

SHA256
fd5c395afc1e6dd3d0ff64b1eb14dd0954fc8372d901fffae005ac193572f609

SHA512
8aad1fded23212b4a51cdedf717f87d42c66868bc3e6d875c8bdc7564f371ca6286ec1703f0dad232080bacd68b11756d7629318c8d77ce29bae446f98e32523

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2824ace52b5eb4381ed5758075fa2f2

SHA1
8af3a0cc9cebb4c2ce3a00f32e3e0f414b0c8091

SHA256
9a491e7072c2ad5fd7b87e9494e1a92f928fa59631c44646d13202b217fd60be

SHA512
5b0dfa15a2975ecf73ff584a91c4f18292ea5978a4c21477283c2ac2cc069693ceeb72a0866b15bdda62e0ebc0e27f079f163ac8ae0ba8a977fdcc273db3caa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f70fa6c4dfb051cd97322a6c12d7642c

SHA1
11810ebccf01546c3a44066fed56476338f0a590

SHA256
072994ae95f52528c67f8fdc0dd0a42bd2e1224596bef9eef0444a6bed58f5fb

SHA512
2f2bd488e705b943603e9eaf5d397ef8543c7f072f1e86b016e3f00b0b85ecab3902b259e455728e0b0e3f3b47b2ca30c04d7c6beb034e7ef7a081d9205ab65c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5694bd04140739bb2ffd46932bef292a

SHA1
ae7b393ebdd10a0c68983889ed6ce6967001acda

SHA256
71bd02814143ed2e2ec2cc50c2973dbadf74c6d29adae14b9295d7555a604d29

SHA512
992d0210ee22349a9152c9562982fe7132462d83338424abe2e5300964faddcdfcb7e9cd6bbc4975386551e8c68c0f9a4487e5f4d4cfb981cf77a66b72e00750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13a919477e66bafee566aaf49c58eeca

SHA1
a99c624da3b610822df2adf3f94c29ca9ba8c902

SHA256
e01240ce2a7791cdd4276774f9738425c458c15529eaec0b58794ea0889ab93a

SHA512
3e0b59a9c80d9a9b5c30fadfafbacc557fcf3159c8c7695d81cf234dc36bcf4577bcfceea8dcd3c01096e01ce36d3ae4fffa0a0386de11ea191237641910e963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd6481bed3cc97e108d195f6ab6da96c

SHA1
6f8c6cb3fdc963f248c8d51e9cf2221e6d918525

SHA256
71884cfe40d6435a07206e03f82e39e0d763aa9ffa4cbf2ea0cd484f2856b639

SHA512
c1353aa0d1cd0c03bf7dd3d895e1ee9ee1dd3209d7e6b3bade64820c8740aa16fb55941c647398477869e11b09a75e607404be988d0dcf4258a3a54702ea77af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81720953e6d0694cf62917a56706f696

SHA1
4acf9e7c405f899635a3913533ebbfb311243eca

SHA256
0e95bef6fc162c1711e1e7a0c7b54eaca66f3bf64f62b7bc719e7f1e12f49ee0

SHA512
a9b58a0c065c1892be8ff4ac0da82f9fb8150cd8fff87a730059a9c793dcf60e739aafbe055b158e7c4262e33edc5981819eeca091b6996573e89aa23e9e9630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9284ed39b8bf2eeb12f956dae573743

SHA1
7b264a2d23c205ee1aca766bd37f7313dc5e7563

SHA256
f8a868e89d1623d55b5ce333af15b77e9521ddd8da385a6badc6cc1071d8e5f6

SHA512
1a3fe1dd3830ffdee4096cc47b395011c69f366bf5277a00221e047ff8be20f82299c819cdba107ab878f0b9c846fa81800fb114ba79cda1bf1cc76b1e01a11e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb4c451d782203d331fb12a2ba12ee54

SHA1
45dfafc022f4172efb37821a33dffbe9425195c4

SHA256
2cac747a1a39791969fe66e77b51b557c4be65ad9ec3d47219d5967624e95c32

SHA512
057a75ab080d0cb7d05ea17dee2a155d1bc6f29ea5b02b0bc6bf697953c354c82c4e047d9f96a443a4efe24e417f2712fd6fd581ccaa3ebe647528314542bd85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa4e3b56abe7ae9c2717ac183a667892

SHA1
4c439d799b2253b157a70c1cd978ac794ca1cc10

SHA256
7e45b8732cf0337b26290369d27aa3e4f2ad37ae74e784fc0ddb9ed26ef723a2

SHA512
be22b021dd478e1119fc30d25a661edea06bb461875d2385c906cbb677228e674b634144748a925f5d5f677432254d7a8a68f9c00e785b35e3e744da4a0a4baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
497285a2e2001e73531d227d72a6c2f0

SHA1
573f251140d3a0178d8225eb712ee1e01bcef178

SHA256
9f346d851ad302145f2fabb77f4e3d5c5f80cf0cda1bf12909897cc1ca4fa548

SHA512
7a6890bec2c070e241048cf0032e9f287532857ab81e2a0afb9c686cbdba01b36e512cb09ccdbfd369b09b15b6b8b3b41fa21b2bb5ede1ad2cc94560ef2c486c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13350b50905988c341fc030a6943a1ea

SHA1
4e9c75fbdf79ba1740244878df97965ea3bf51b7

SHA256
13842b68dd445a45ca881762a2446590994dad891a2e001187a8f9e1951302dc

SHA512
c6e1a1a9274c57ce8df77642e2851f77d1cd8afbeb1243f6338349a64093f04a928960c9106ed4675be4c347d49d47d91ce5d33ce2814f3eaaebcc96e881da8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06ddc977335ff706351b1bdfb8b418ec

SHA1
2d0ae34612ef07ccf24257e144a79d9af3d58f72

SHA256
915b672dfd50a2722967964355956c7fb075c2114558b5f2ce650d98e66f485e

SHA512
f677d7bc545e391dbbffc51fe2ca65cd3be1276afd3fa68c7259f87a5a1b0abd6ebca18f5c31ed15998957e0a42dd66d09e3bcc35c7bfc2c5158e30c14a3d012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
762851b12d3e7f9d8fb5b8c24acd2535

SHA1
67daa1018490e4891078b9775cfb9cf4bbbc9d27

SHA256
19da9ec0994655371ecfaddfa8d004dc9419ffe452f7ff665736e2559200165c

SHA512
d65dd928ccd431d7df9cc0b4698bcd5389f20b3b81c86354d84da6f9e2319f53d6282ac90df80bc3cb2b369a8fe9ab795cb6cfee1ac2f1dac795526f2eb3a092

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e0a76487133bd8d71dff574770f68bf

SHA1
699cff9706f099a4812f6c4003d788574dcd1c63

SHA256
79f2218458b0a1fd211350df8dc20320088129f8c08bae13597003bf4ff06588

SHA512
7040d7f11b00074d9f28523204bcd2cfefcc2a2c17e740a4af1a02ba01f9217f05b19bcea0ae4cbf76acbca99df95b15482ad821a59977eec4da9093374d21b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4fd443e81909ed9e7504c03a6a0b320

SHA1
54af6900c93c532093a48124560368147003c995

SHA256
7292b465dc573c5053203c002e4fc6101b25798bc4172d53b2be6d6ce24e0b9c

SHA512
d6377cfda40402dc96359c309e5d9a20ff5d3f659fc2d0b106f765d0ac74503f5b7f356d6800eee319a586f2ed9ff062b252778a3f0b9b12f96ebf54ade42718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19ba9be7393eb14a4dc48242649b9e9d

SHA1
15c9b21d82c968bc82f16f1d67b0271c24fe611c

SHA256
28b1b979df8db313ae7c7a774abcb2441cec11f472a2b923da1660d44251b899

SHA512
05825b9917ef1d1d4ab9bd914b72e5f579874ec375c674c9c48741c99e19c41af217b178e33ee43fbede19ebe1ade00047b51b5e6f69b6f3045a999524e8a217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b19018cdd1bb4733724aa93b178c8d02

SHA1
3009fa93afd849169d38ed7cd4ae73d83c7a3cfa

SHA256
d543352b70626baf6305d0e363767164c7fed11e78e09f480dd82c0bf9977fa2

SHA512
88e67cf5dd12d8da2284b01b2fee3a8d3cc9abefbb77890028aff580c3086466fc7cecaa066254062e253a967d519e600bbdcaabd21e416b206b54a679c2ce43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca4b99333584b71188d73390b3855040

SHA1
83ca829f2776393c6ab6ef137484a8f17dad8804

SHA256
e69bea914b30915adcaa21fbdd20231307a47de022e146ee4afbea8ba153a4fd

SHA512
01efe78d6ec4fd8459293271078862875d652f13b87528ba34c9588603f221ff2c3e462c4db4f177f3ceb70c8dbcabf9212563e2d9156a0b6e7b732d153c4a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
217ba3534d96bbbaf852cb06cc501ce6

SHA1
e018944594c64c4602b3d31e6c362699f04b671c

SHA256
6ee46612a85dd1648d9b54921918be69f61c47a818e668b7df5e45e100ca5770

SHA512
17716a6a66c4ba3870dcaab4f5042c7f0b97a326721cd1aec16d18947b628e54a58058eae588a533984ac448a717bc1c15951962ae689ff3d5cc3a1a25f717b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ff4feeb3851990525dcead42ccbfbe6

SHA1
6ef3619b72538544d75fa81d057d6726b8a531ae

SHA256
1ecc6146dafb3aedd2cda0449297c554ca2c329b41c9493637ad6b3801b8331e

SHA512
21279b4367abc3237d2fb0097b4494d441de38f187c5464250e1dcaa96de41182025c3bb374496d3a0223687b631c15299779775c8cd6138b518ba494a6e5341

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31e145b033ff0bae71a6677c4b6e5dae

SHA1
364856905147ad898fd3d654005388834bdd45b4

SHA256
396a93e770fb580280a52174f27d294b42b9499ab9f6ddc5f874396d65ac37e3

SHA512
e41d2ebbae521229449e0d2a754a5d935fc840e801b33cfbf1bdb3ac9899310489bf51496935e6802c1140bf4f0e779b21513325160fc28eef207bb1108265a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dc7af36416c9ca8c3973c3731774ab6

SHA1
ca2dbc4e000993b7e624fb5834ad28dd67c13e24

SHA256
571617a0b66d65afd9f1f652d20d4875fad5abc8c8d1d96b6b46b303bc0fa152

SHA512
a8d1034accfd755734cb1588f2991a370e53eb11c09a9e255637841067b08430e2f40f1a0b9783b7aacd276a904324b53dabdf39d7b0c65d3374849e69707cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7511fe5224715e548af03def96e28345

SHA1
5397e19baa642abd3e5496ec6fbd0ec0b2b7e136

SHA256
2263be21e326da86bbb051fb94adb0b2f8e268fbedb2da9305e987e5b0ebb603

SHA512
d2e8583a0a6321c498ca5b563cd80347223d41e42748bcbd5b195efb270c3b342ea04e184686fc0f215ef25812c3cae21c281e2a618443ca9256be5e17932bd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14083af5ff75eb061aee32ef03870e86

SHA1
c58529a58666d33a96be780d7df2d31db07ab9f3

SHA256
810cc88047683e61296aaddd4650efec61618061d1c38e1634673a98d24d7af8

SHA512
3cd5f22b9c9f8170d0fb019741b890767d0579d1fa91d0fab3127d704d812612ab70b638d8aff1d051c73ae29a7a7d14d05bbddae708a7af20a0d4914ba34de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5465f667d97928ed11716dbeb3581424

SHA1
f1ebcf1d50b61fe1f7b7da71c918a1aefd66a479

SHA256
1570971d9a0ea049b2d2dc8664c6cefb9f1c93469721ac125d6daaad6c6fbc38

SHA512
8aa69501403a1b9c6b1be5df5ef671cba71516ca5466e769b4e4da8d46736e81f6363fd96fda5224c163567af607ef57c5e45054dc9cbabbcf33b9251e58fb7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e4f447d6e607066251ecba708ee0846

SHA1
d98546bf9d734a386915d80273ccc99050b8a902

SHA256
d05bc8a9bcc921770e493192461381d215a867fc5d708987091213e8e1ee7bd7

SHA512
d165feae17c3e2cc99830da1f7c0ea61417515041088394bc1ea4280d5ab0f3cf51adfb873f61832d0b05ee31eb909e8bb4912491fe61be5de8e64da9b0c37c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cf1612f7b6072f54bac4c6a2b303290

SHA1
2a77d0eebc42e4758d721f6fe18b125fae34ec1d

SHA256
0451976be1291d221f3ab6ce8761b3842e21c40715bc56b54e851ff5f8f9e2a9

SHA512
4a903483363704cc5c04425d6667a071133d9fd7f52b0b235d0d95ab7225dfc1e2fc8ca58624ea673d0b9e1529077c9648af29a642e5b5fbb3bb9ada2f91d652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b36d689934bfa15b9f7814146d9928dd

SHA1
60186b274ab776cf83a6931f6e6a3d542498a0d4

SHA256
29900439fabdd8f60dc91d441d0565eb398ad7df14790b7a75393ae8acd4c592

SHA512
f920d971640990b9f97d692a2c3886e1cd82f0b50b0206e0be037c62f2818760fbc81e9cbde367685d3565ff8b9b2f3d4cf7e3d7ec5d3a06650bde34b6e5e6f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94ab8cb81a4cb5aea8fdb0a9b4d86d2d

SHA1
6cd218f73488582bdb898fc63501a80c23e2df2c

SHA256
e99703ec355f9a78b2a27786e75ae90c80e9b6b135c3efa0ae062963406da44a

SHA512
6650534405e1d71034a00c560d4da4aa561af62ddd29caf84caf242ebd42fbd823b26d994d1a1e1f5369ed9a8b54c3645b0d6cc5857b16b248a4f301bbf078c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3aba3bfd7b21ae4cb6b07a8406ec564f

SHA1
cdc65a2d437e0a037418e0e2143a4e90f2bb3ecf

SHA256
55af49399989065c0f63c5c49fb7047d62e24b378546fe1e88ae1ad7f6b4e5e4

SHA512
0832ff8081d1ed4e512af762f9388e2b0e9d7c4434309dd5773b37811afcc2720dbf551690b34b7982bc985eaadf06dda9a9be6ac66f7a40e9745fd594ea6561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb5380265589d5ea5c851c3f3885ac8a

SHA1
944b061fa446075129c98e452ebe39f15852ae52

SHA256
069f621c30b4e58a07a1804dcc029a8bce2a2de377eecc9b20f9cb45f7c08cc2

SHA512
2e11185319e69a495cdb8256a3388d9981971acc58fcc45acfe64ce2377fe79e73e3f2964dc5df0ab8cabaddc8d0e9602c602152fda64567dbcb36811a4b03cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe195cbc583e279671d9e6391028e90c

SHA1
7872df98dcb338d75d8c063b6ff9f162f76f3b1a

SHA256
ec32f94e9820103d9ee58dd1023d31145f1a07a84b373f8d0dce9667c2165d5c

SHA512
35134d31103ef1c9c8b455cec3e6768900276370edea5f7a1ccc1c2f6821da8fe59c9a77c3de47da9ad9d51b73ebad852577594dd0096487a47a275622e029c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc5676813437e21d33c4dfa390d5c2f3

SHA1
5bc7724c2cc6ba90091e8579f3a037cfcde8fc99

SHA256
cd3509cc558dddc8fe71332e66ef78b68e0c231c82dcd79edef42810ab50f3bb

SHA512
65d8601472a7038a8acbc4d25f0e62bb4edb6631faafa31cdfa0bbd91872ebda7462340472bf51d1d4f0aab75655fc485aa513b3f9709b792824403276e18374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
059f90aac7f991856c59eee22d33fde7

SHA1
90e322bbfb0f6e72d621823ffd218028e5335891

SHA256
59620045767a9b1b4929dbfd67717853cd3d888643a890c30171ff11665e58f0

SHA512
5910b813f07efce8fbc6aba5c73e7c2e9136deeba904a7dbff3eb90f7f4462f899787e12b5d612d78971cec823b3a0b98cb2d6af2782d0d5ffca6da50cb9657f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67a89f42dd8f7f54ad6aef9b9da07871

SHA1
30a07ba6d13951f3e1a272c3444e4635bc9cf2f3

SHA256
6b057cd64b3cc2efaa60deeac3437eb8da5e8a3a35be874bce6a8d8d7edbb9ae

SHA512
41dc884a75f69dd81196bd2b3b790d08eb9be1aee3af7007fbafcfe3584e583220f9f8ab528b58280bab8fb94f7b93e959305c7f65b4ff8c7a4a60d6bb447e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc3514030a3f297bf800e8723304ac11

SHA1
f25b9ba9c645fd721b0fbd961f3b5bb4e160c655

SHA256
b63365ad873cb56f8582813bdbbf88ecde3b07bc0e8e6fb6ac044a02c672f725

SHA512
f6d1f52fc75a7beb57f01d529f045518ce350ecc3a5cd658e40e7951cb8a17d367ca0bd84c20cecf278b2e8032f3766e2cf8ed869bfb9383013ce9708b7eb4f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2f2796445fbc946d5ff24d9a31a2f1c

SHA1
7fd150d7b14e96e2f1dc0e8de57aec4c9c2d93f7

SHA256
f291d0c6901129c32f0ea5dcea9a4da235489748d68d0808d206198786af9d5d

SHA512
e0136939af29c4b07f8a7c7a692656a5a71b0ad3c078b18073e2f810aea8f5e143fdbfa0218a1142c23e54911d3d904f73a2474a082c73282edf8bab8b2b8cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8591f66c9b10c7c37c2f1a10599a2d98

SHA1
2a460e4c78f9406aa4e44f60fdf04f598970d4f8

SHA256
b189b6280a60139b904252831e215eb932ae2ed2a472a2ef8dc2d797fcbaa868

SHA512
82a3fecf29879ac429b2ff3b2e659e32084acd97f18b130a6123c09fd0f4ac905c352edc679bea955c0b1093e470749e3998bb736fe04c0247ecc92a805cf174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1a206b68375537a844ec768ba3cb330

SHA1
95b15d53e28d6ec9b3efd5445fb970d66a82890f

SHA256
fc7058bf206000e29ebc592c399c5eb7c9c5c3e7b66b5aaf408be97e504d1b96

SHA512
58abdab80b744336b5060afee9064b0f4ca7fa4d882a616e3bdd3fb142f11cc8822dce62a64f4ef5cef21a33e2b5ee847c09ed9a17a4bd08eb037146836acfcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75f94172174956c07814f6c0e3e77b1f

SHA1
e7908dea06c46d09d1bde72ff3c861d2d1369625

SHA256
8655ad8005ae21addeb83e590e0be45c54de43eab47a2815e614dcd647aa7d97

SHA512
4344fe6e2a649b395bd1c6c9642b96698bb0eeda04b43d6066443a389892f6de39d5b96cf9266ac00baefb7c53e27386e5eb3beae28eaf064d02727ba148a3b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34dfaca47d18dec6b725008561e91248

SHA1
290b12d5146675c329cfc5e169854ca729e71841

SHA256
eb766a7e46506cdf47149b1ee644ab0828634515c62386f23dfbaefc852375c4

SHA512
92c4286b021ccb7e4d19d2e6bdc2f487d527797f47161a0bdfe5bed3dad00ee1ca672be528d58a9854ff08ec0de7bae87a601c6e5414a058a9d3a13ff42e87ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7a2eec9b18e67389cf9fdf39156a658

SHA1
047ca98a613bbc3381c458df72c6177be4bab381

SHA256
d37efa8ef0e39ca8c047ed214491c580e77a421ad81233a6fc629dcdf55802c2

SHA512
7bfeaad72aa66c499c9e821ade7b5c8d565ab959299044e7f8344687d1dbfbad83db69628997ed4aa3f81c4800c1a525c904f26948e1d03762093932c703b267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[2].htm

Filesize
304B

MD5
4d1a10f22e8332513741877c47ac8970

SHA1
f68ecc13b7a71e948c6d137be985138586deb726

SHA256
a0dbc1b7d129cfa07a5d324fb03e41717fbdd17be3903e7e3fd7f21878dfbba4

SHA512
4f1e447c41f5b694bf2bff7f21a73f2bce00dfc844d3c7722ade44249d5ac4b50cf0319630b7f3fdb890bbd76528b6d0ed6b5ad98867d09cd90dcfbfd8b96860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[3].htm

Filesize
303B

MD5
0a53779b07f9c9c56ef169499851915e

SHA1
281bf81610dae812be159f95a0858f88f9b96637

SHA256
b946117d346ecf850135aae1ac65b368f4effd806bf5180ecd3c585f1324dbd1

SHA512
5a5016dcdeef68be7115eafee0a6844e3cc868fa04f353980d924fca7394962d919d8dece40b15b7ddcc867f956fc8c0e522b68688ca409f1671c39e42973dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[9].htm

Filesize
304B

MD5
605de1f61d0446f81e63c25750e99301

SHA1
0eaf9121f9dc1338807a511f92ea0b30dc2982a5

SHA256
049f75dee036da00f8c8366d29ee14268239df75b8be53aa104aec22b84560f0

SHA512
a6a2505b8b89a895922ad6dc06d2ce620cb51cc6582c1b7e498a9f1ee1e4e47c53ebc4f92f8aa37532d558667225e30574732c9fe7187153a262c933893e4285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T67LI6X\default[1].htm

Filesize
304B

MD5
084f55ccad6fddfe1704851a5074a194

SHA1
844821de6a0f3c2410341af6b3979f6b59f16a3a

SHA256
b10034ade693ec98852ac56ed2b784c546aeb3f11593a7ece687b17c283cb4cf

SHA512
776a722ff79b1665f904be9972229f03b67c0a54c9ebb4b639d959e2c87398a3eb5930ebd7c2a03b14ccdbba380ae26ae1ffdbd1f65f8a900fddb4fde467aa31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default8X1ZEJQ5.htm

Filesize
305B

MD5
2c4ce699b73ce3278646321d836aca40

SHA1
72ead77fbd91cfadae8914cbb4c023a618bf0bd1

SHA256
e7391b33aeb3be8afbe1b180430c606c5d3368baf7f458254cef5db9eef966e3

SHA512
89ec604cd4a4ad37c5392da0bb28bd9072d731a3efdd38707eeb7b1caf7626e6917da687529bf9426d8eb89fab23175399032d545d96ab93ffd19dd54c02c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[1].htm

Filesize
304B

MD5
8251fff4df202c8d6dd6aaf34f4838ea

SHA1
fa88f08dfdeaff6b86873d447fd26cb7d83a694d

SHA256
a17db628f6bdbf4cdc6fe029542404867306406510dbbdb57a047a75ac294962

SHA512
e9c0fe2a920377777bdda16a8744cf80d15e1d1b3c94b704f8a4c4cf54d2529ede4aea8a2d6d38f4e3c4d02f602edfed659db6613ac7c374e5214a201f16a3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2C485U7\search[3].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA32B.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA35F.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4oUbodpx.log

Filesize
256B

MD5
655afd5f11c6293fea85277ac8199aa3

SHA1
a66ae195f0423a3d1633225baa06c0c11fbc8f72

SHA256
8d53859d938666c5cc439b479fb8b1ed47c996f7a053f57de3abb58ce8e2c375

SHA512
2651e5b024c05bb7ba8005b37cbb64c5074d85c6265165c417a423e2bb667d6cba1df916ca238c3126b6b35aa506f8926dfd26aeede2bd90f78b156273dfc3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9AFB.tmp

Filesize
29KB

MD5
af91478be77a4eb45b3e7f3f87735485

SHA1
f42d34dff59db462b99db44d0b3d47132f73384d

SHA256
18b3c1eca5bf30ce1afc9597e73b313b0f0d1efe99217fb0b8e2bf46fb92bd47

SHA512
ef394026e549108c5d8811f6e6fd2fd19b01a7771d275757a85d06c83c2e9620fa6d148a0eb5e5ed64849bfa38b07c5aadac577c8d3787924664be24e6b62119

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
288B

MD5
56c79d79e05dc12fbd1a68b4a0465af3

SHA1
6e2748b4ea4549f33c13bfe6dbf45afee385df18

SHA256
c71de26797ee43cf40e30c7ed0448acea2c0301d8d7074b2985b500364377b37

SHA512
38f1a40116ef6c60840a40c9c2950687518498506da3d67045fdf67377e9779a2b6c64148dd46aafad7ef4ce5123194da038d87b45f124baf579e1e2d00f66c3

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2640-14-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-1376-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-59-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-759-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-3-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2640-5-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-1937-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2640-10-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2640-490-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2716-29-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-34-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-22-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-1008-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-12-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-2391-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-441-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-714-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-41-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-46-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2716-1849-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads