d433e71fce6265e7378e8a845dd27c185fbb73f3ccff4128495151aa5783ac97

Analysis

max time kernel
144s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
Size

794KB
MD5

6e2261bdb006ada868bf61c4b88e05e0
SHA1

7329231bd2b87ccb2fee793e7f6a7d726c9b4f89
SHA256

d433e71fce6265e7378e8a845dd27c185fbb73f3ccff4128495151aa5783ac97
SHA512

431ba4655ecd40f43218ccea6b0dd66f58da05c07fa9ada139ddba8a79e71b70f0d144ee13c191a18fbe65207f6c79c5895fe5f163d1c9ea87fb56c6cd6e7a7f
SSDEEP

6144:tY76k1Ndxi3vkcNRhjioOm3n/97TW6Yr:tYl1Tx6nhjim+6Y

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe
2168	WMPDMC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 1580	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	28
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29
PID 768 wrote to memory of 2168	768	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
  -p
  2⤵
  PID:1580
- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
  -qf
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\omi\bsp.nor

Filesize
1KB

MD5
5140b2ba7ae4a6b2cd636aff8fd4570d

SHA1
4cadc651b51bd8c1c120f528ae58a43566b16c0e

SHA256
acaef03e0d0025de23a3fe2371115b4db6d9662cbca92853461ed8371e05a436

SHA512
e2bd482e9b516d534484a1b04282c6eedcf1ac437ded176c123acadf837c849e2b007a091d21ed4a4b647990ea50c4b257e679a08424d1deaf18c4a5aa863441

Download Submit
C:\ProgramData\omi\enqw.klp

Filesize
576KB

MD5
3cebbeb0db884c118981911c7b6f310a

SHA1
ae5d016b0f0174f43f9460a3db9e358bcf302ed4

SHA256
4fd74d6285b21434fba6dc8d2d02ac0486a0b31cdb85af932a9b432d28cd5030

SHA512
6b6dbe2ca03c6fd84fc50422a508486759bcab1ef632052fc60ccb059be39a357ae57bf254e3a0c285834ba623024573448d5b1b51d20e8900619fa6b5ef8683

Download Submit
memory/768-4-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-3-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-5-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-6-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-0-0x0000000000270000-0x0000000000277000-memory.dmp

Filesize
28KB

Download
memory/768-11-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-13-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-12-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-39-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-30-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-38-0x0000000000270000-0x0000000000277000-memory.dmp

Filesize
28KB

Download
memory/768-2-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/768-1-0x0000000002410000-0x0000000002536000-memory.dmp

Filesize
1.1MB

Download
memory/2168-21-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-29-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-22-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-23-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-19-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-18-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-26-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-27-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-28-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-20-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-17-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-16-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-15-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-40-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-41-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-42-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-43-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download
memory/2168-44-0x00000000001C0000-0x0000000000201000-memory.dmp

Filesize
260KB

Download