17ab4982fdfee8e8f2f078d358f0ad42e49c35152727b4ac1f718269e9370217

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe
Size

310KB
MD5

05ac59a5c18feb638151b5245d21f3c0
SHA1

260974581011b70b52b6d459894053fcaa49580f
SHA256

17ab4982fdfee8e8f2f078d358f0ad42e49c35152727b4ac1f718269e9370217
SHA512

30bae4ba2e830126e0c641be608669e976989e58d8703934b20f9618be0c7de5da71d34f274ab83dc5df297d8af760231d7c2553d6eb1d3b44347a3f38bdddba
SSDEEP

6144:RV24jwRTGLyog2fsAu6i6xgB1A/W1Z0fu96euFeYy:RV2mwRTyyog2fsz6xgBumj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1100	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe
1100	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1100	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe
1100	NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.05ac59a5c18feb638151b5245d21f3c0_JC.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bhs5E46.tmp

Filesize
242KB

MD5
f6cb534a58dcc29446b518fd294e82ad

SHA1
797935cd7ab355a55efa733fe8d7aadd09167d4b

SHA256
e7060cc8801db67b198e276e6f92355137ea3afd39797bf6b973b0bc822828df

SHA512
30738a097c8c9eecd0fc27b3d02796e5c9400bf7214710e57d932348bfe4752ce80dd6bd0d24c254b3032226bd017b7201a920d8a5b02e37d61a38c171bf28cb

Download Submit
\Users\Admin\AppData\Local\Temp\bhs5E46.tmp

Filesize
242KB

MD5
f6cb534a58dcc29446b518fd294e82ad

SHA1
797935cd7ab355a55efa733fe8d7aadd09167d4b

SHA256
e7060cc8801db67b198e276e6f92355137ea3afd39797bf6b973b0bc822828df

SHA512
30738a097c8c9eecd0fc27b3d02796e5c9400bf7214710e57d932348bfe4752ce80dd6bd0d24c254b3032226bd017b7201a920d8a5b02e37d61a38c171bf28cb

Download Submit
memory/1100-2-0x00000000009F0000-0x0000000000A32000-memory.dmp

Filesize
264KB

Download
memory/1100-3-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/1100-4-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download
memory/1100-5-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download
memory/1100-6-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download
memory/1100-9-0x000000000A280000-0x000000000AA26000-memory.dmp

Filesize
7.6MB

Download
memory/1100-17-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/1100-18-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download