d433e71fce6265e7378e8a845dd27c185fbb73f3ccff4128495151aa5783ac97

Analysis

max time kernel
144s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
Size

794KB
MD5

6e2261bdb006ada868bf61c4b88e05e0
SHA1

7329231bd2b87ccb2fee793e7f6a7d726c9b4f89
SHA256

d433e71fce6265e7378e8a845dd27c185fbb73f3ccff4128495151aa5783ac97
SHA512

431ba4655ecd40f43218ccea6b0dd66f58da05c07fa9ada139ddba8a79e71b70f0d144ee13c191a18fbe65207f6c79c5895fe5f163d1c9ea87fb56c6cd6e7a7f
SSDEEP

6144:tY76k1Ndxi3vkcNRhjioOm3n/97TW6Yr:tYl1Tx6nhjim+6Y

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe
1556	wmprph.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
Token: SeDebugPrivilege	1556	wmprph.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91
PID 3944 wrote to memory of 1556	3944	NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe	91

C:\Users\Admin\AppData\Local\Temp\NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6e2261bdb006ada868bf61c4b88e05e0_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files (x86)\Windows Media Player\wmprph.exe
  -m
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\xw\lakcm.qil

Filesize
580KB

MD5
83f2c81153bd8fe1aa4b8778d8b0e177

SHA1
b0fa7fba1fe56896e9ae19d7e4030f83a2273788

SHA256
610067a698d5ae279dd37d5e291729ae07442706a3734a941f382134c4d2da41

SHA512
54b927054f1e9bc7bd56082b8f3c8ea3f9014abd08864787ee37f756b5071b5f44b2f3eb866dc62b7152013b5cba9014b8969cbea2c5f7a7a889fbe878bd964d

Download Submit
C:\ProgramData\xw\yjbuzm.fru

Filesize
3KB

MD5
597676cb04e861f015669bb5635e10ef

SHA1
37a8ed6ddb3ff38ab040df710fb1c5663e9fff07

SHA256
b78b799eb9efbe0b4c7bce85e91ce5fc0d23ff2d2ef1eaf3ef93562c2431b741

SHA512
8ba25131752d484e688e8aa3e30115b2b83cefe568d45fde2f40d83061debc7295d12886f67fb17bf6a278ba4588a68b53c7416fc994de60d362018c0e39381f

Download Submit
memory/1556-36-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-16-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-45-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-44-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-43-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-42-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-41-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-40-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-23-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-38-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-17-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-18-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-19-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-20-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-39-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-21-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-15-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/1556-22-0x0000000000780000-0x00000000007C1000-memory.dmp

Filesize
260KB

Download
memory/3944-2-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-26-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-34-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-35-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-0-0x0000000002290000-0x0000000002297000-memory.dmp

Filesize
28KB

Download
memory/3944-1-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-25-0x0000000002290000-0x0000000002297000-memory.dmp

Filesize
28KB

Download
memory/3944-3-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-13-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-12-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-11-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-6-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-5-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download
memory/3944-4-0x0000000002910000-0x0000000002A36000-memory.dmp

Filesize
1.1MB

Download