8247b726b43ca5543b2a04c4e8a7ba12fc1e13a4faa4551aaf3044903548b2c5

Analysis

max time kernel
123s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
Size

153KB
MD5

93dbda4f15c1e347ff3b9e21a75f9ab0
SHA1

616b15fa23a8cb58c2d7c0cb8b0668ebbc730600
SHA256

8247b726b43ca5543b2a04c4e8a7ba12fc1e13a4faa4551aaf3044903548b2c5
SHA512

4cad8f1b76158f792eee9882e0cc80aab2731c3642649752785a41a4a23b8ec980fa84cae5d577719c71cfb9ecc66bda4936999e2d8478f11b4b1c6a885efd9b
SSDEEP

3072:Rrn7CoWd07esc3BUEgiahMdnZylqQFB07Pnae:VCoWd0kSEgiiAZc1B07vae

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1992	axfniqh.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\axfniqh.exe	NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
File created	C:\PROGRA~3\Mozilla\bqqaoam.dll	axfniqh.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2216

C:\PROGRA~3\Mozilla\axfniqh.exe
C:\PROGRA~3\Mozilla\axfniqh.exe -pdtylqd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\axfniqh.exe

Filesize
153KB

MD5
b536898fcba9822ec69b7e6cbe93e1d0

SHA1
11eaace524ab8336f51147d5e6237e71ae05189b

SHA256
c10fad809d70f8a7f4dde2c1009f95fa1317f53144dc7f18dbf9a16fa303127b

SHA512
d0f4ffb3c33fae2593cb60f2d6006cbec40c3a5eb45c2c6778f1bfa176b1748a08350a9e3d4066f2a2479aa84eb565d4fe14f85c953c1fa185d365bde01aa6ca

Download Submit
C:\ProgramData\Mozilla\axfniqh.exe

Filesize
153KB

MD5
b536898fcba9822ec69b7e6cbe93e1d0

SHA1
11eaace524ab8336f51147d5e6237e71ae05189b

SHA256
c10fad809d70f8a7f4dde2c1009f95fa1317f53144dc7f18dbf9a16fa303127b

SHA512
d0f4ffb3c33fae2593cb60f2d6006cbec40c3a5eb45c2c6778f1bfa176b1748a08350a9e3d4066f2a2479aa84eb565d4fe14f85c953c1fa185d365bde01aa6ca

Download Submit
memory/1992-12-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1992-13-0x0000000000C40000-0x0000000000C9B000-memory.dmp

Filesize
364KB

Download
memory/2216-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2216-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2216-2-0x0000000001FD0000-0x000000000202B000-memory.dmp

Filesize
364KB

Download
memory/2216-7-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download