9af39d987508811ee9c7d084a69b98d363bb0a01973d2ff8f2949a611c3a3f8a

Analysis

max time kernel
202s
max time network
237s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9591774a975a5ac69f265f937559d070.exe
Size

29KB
MD5

9591774a975a5ac69f265f937559d070
SHA1

1f22efe69e56efefb655ecb96ba1d4a07d8752e9
SHA256

9af39d987508811ee9c7d084a69b98d363bb0a01973d2ff8f2949a611c3a3f8a
SHA512

4d9a66edba6eba567fb3de86e1bb94039c733e9d60f01c1e4679895030818209338a8632f73bd4ceecc6429749bc2689bc8fa500cf4cd73a93172bbb5ae33be0
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/RQ:AEwVs+0jNDY1qi/qpQ

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2024	services.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2804-3-0x0000000000220000-0x0000000000228000-memory.dmp	upx
behavioral1/files/0x000300000000b1f2-7.dat	upx
behavioral1/files/0x000300000000b1f2-9.dat	upx
behavioral1/memory/2024-10-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2804-12-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-14-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-28-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-33-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-40-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-45-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2024-50-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x002f000000015c0f-63.dat	upx
behavioral1/memory/2804-79-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-82-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2804-798-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-851-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2804-1136-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-1271-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2804-1913-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-2019-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2804-2264-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2024-2269-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	NEAS.9591774a975a5ac69f265f937559d070.exe
File opened for modification	C:\Windows\java.exe	NEAS.9591774a975a5ac69f265f937559d070.exe
File created	C:\Windows\java.exe	NEAS.9591774a975a5ac69f265f937559d070.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.9591774a975a5ac69f265f937559d070.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NEAS.9591774a975a5ac69f265f937559d070.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.9591774a975a5ac69f265f937559d070.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NEAS.9591774a975a5ac69f265f937559d070.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2024	2804	NEAS.9591774a975a5ac69f265f937559d070.exe	29
PID 2804 wrote to memory of 2024	2804	NEAS.9591774a975a5ac69f265f937559d070.exe	29
PID 2804 wrote to memory of 2024	2804	NEAS.9591774a975a5ac69f265f937559d070.exe	29
PID 2804 wrote to memory of 2024	2804	NEAS.9591774a975a5ac69f265f937559d070.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.9591774a975a5ac69f265f937559d070.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9591774a975a5ac69f265f937559d070.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f20682be1d31497eea7be2c7876ea2f

SHA1
744c6fdea40979eb427457410716ff71dad67a95

SHA256
f4a8d6bdc034015f01d2cdb62ccf491a2e035d9b1bdb8ef43378fb7119e2e0f7

SHA512
b81dbe2c7d149212acdd0a6b3d7c6ace31e1443954073a2e1e378e17fa9f7ef3b2a8bd9fe00b078cb0fd66b4e65a210f0b20736734e43c0be48da5e57ce4e36b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37e39083270cf19dd6e20d3cee02fe5c

SHA1
12a1a0bfedad5da3d407474c2d134b70cffc9b3f

SHA256
14161904942d414563ac97767a07fd5e998b48fb3575c6d463e676ba444e4958

SHA512
028725c7a3f3fd26ebc5d50b5bc7757906976a45ba313f2783c1e96c49b42a929c39231b40c6c26fc662f159458015eb1f3fd183725bc2b49118c07d15b9020f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc67dec6416c11945b2b75c214fa4194

SHA1
0b71b39e4f31238f4902a8a775c84fde4abb6ba7

SHA256
93250c645a2a7d6fbc64eaabd0d9cdc0794588d28c2fe8863bbf3d40f30b1c39

SHA512
e59a7910c081c1aa716976c19881b46b93a4ff4581ecd57d51bc52ee81e67d6b306f7bf47c2903dfb8583c2e19be604d01f1f5d7da7872e4a242aeb904e94edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
637730072cc1bee530952df711b9f1fc

SHA1
7f712e2170db20f0ce3fecfa4627c5eb3f0e3f92

SHA256
1d7c3400fa1557a5050e4494b7595f612803e28158d1530a5532e51ca1ead6d0

SHA512
c1de15b5825b3aaf32ae308fe8aac54b43cd6fb1081495939d9c7bb63ce7f3e03b35465ab89df94b51497c4288e227bcac3c3fab98d3617bbbb4a8f93338bd4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
596a8cde09f46d1b94d5be79e40cc189

SHA1
503cae9305b3697351324c260092f105d8ec5b3b

SHA256
1e8f7e3c47b470ec4b6ede04d14f242835ca84d084e8b60002378d110e5ba5a2

SHA512
3c544769f6503c06700ea93cec85815d71b33e616a68f9368ea1a658c73331cb970aa0ee8d84b069b1642d8cc2a3bb4b157e2d6ac5361c53e908580740e2a58e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98201bc9c6b5831359ae5bc01cf9d21f

SHA1
3ce5f3a903aa209ee7aef131ed3060ffda4c1aae

SHA256
8b8d3f22843e3538dbbfb563a83d355468c887c48043bb4adc5ae1e84deee13f

SHA512
9f8342da22d7ec9c52016ccf5148be56e2d4030af756a81ea202b2ef9037d499c3074efbf803ece5f271e358bc908adea48cd80d97cc1f67e17a575651f018d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e14ea93505ecb08d2ef8e51e9f0f7945

SHA1
9f6ded9b7061450b8c60854e8a96900c784e9663

SHA256
31ebb1f6dd9a2bf2e66413c4144782e02c6644f54a73959a543c485e14adcf53

SHA512
135f9534c63b49d562695af971cdcffd9cae12a00169da0317f0d156debd6652cc844c4c26379d90e1fbd48bbd6f91fcae3bb9ac1447b892dea29a4e0d1a7848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8ab0f5eb08b4b5de48830cef39e74bc

SHA1
d38906e1803f8c100570dec730298cebf0ed6768

SHA256
8b48ac2155e8101402c5bdc0f92c979650b15ac2c2e8b88c625b53479dbca680

SHA512
0685ca7a55abe93738f71c70a4bf92d29ea65818f107641231e89e025ac9d49b578fcf057cefb0582f663d788dc22d5ef0fa074833ef0f76d2bb3ff0ff3b0dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fc15b8321251dad5af2f78575860431

SHA1
0b654b3cf6525ff96427fba67294fe8f37bc8f66

SHA256
d14600349546e699bad05ddfdffaba5c110aae38aecf39efa0a1effe838454b9

SHA512
75a567aadbb70c6a18375909cf9164a48a8b0c79f106c4cf36e02c0316fceef42eeb2a363998761130bccb7d7512576b41c97957998e551eb2449970b698bbde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7acf07966d38658a3a72036c2e89237a

SHA1
7fd87457a1e2437b3a56c47baba1ffad9da3830c

SHA256
3f3091eb18233d77e0bf6a8b8e6953c9305c72c5d014bd6b58779ee66117ee81

SHA512
08f33608d95a7259544073533675752a2609acaba52f7ccd0073ec01b6eac94447e55726008f28dd8325b9c3346b5431095e5d62ad2fa5e0f6bf406f92dc60bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4a1b2df62101993e9d2df5e04525072

SHA1
3c84ace308ba708aaff9732e5ee453733f05dc38

SHA256
89e59a1b267fcca568442fd0caa235ac8037b5ff2186e357dcee11785d53f368

SHA512
751ee9b75ea007322e769f0a223db147d4a30546bfb85c8a1c09dd3f91c0471853249b9ce3f896479ffdc51557a379ac149e59f9dd0bb2443223e44562692305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b55825d3ca3e13b7bb2d16c19d5d956

SHA1
5954ae0280ada0f036582ec0fe0852641b76640f

SHA256
5270d550f178a3dfda668ade07fe81b2e7f5a71f7fd799fccbd42ddcca2ea3c7

SHA512
24b0d6b64447fe86bff793f3b21c4635b99e47feab1be37be695e24c06d1b96888ac371fe87e57c598dddff52f50e5045bc66085a70af7d74fa4f3fc08ce7f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fc458d90267c41e9a189de54324b08b

SHA1
ce37bdd05a90308dc73b293e5c0adda2d09cbb31

SHA256
d16bb92740753c9f0f161d42f9a7b29f185778b2ba2036ef74d6be6ea1d7b6a1

SHA512
fe0d5f3e15e0bfe8af741843102d91b604d4024e5abc7aefcbe84a6ec2f7ee7feb370860e3cffde85711d0f44c70ce7c14de1886dd67ca67ce468561f49d662c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e09a37c0c6258d30e4a47abe8c06c56

SHA1
0a8133b187ce7024786b27133bb6c09e5f451fa7

SHA256
65cd59a4ff7dc3b6256e7da3725cafe8d725acad38b3aada00ac34139eaacd05

SHA512
a174f37350d46be8711959281ff4f160bf857dcce8cd464fc82b0a6a1929139824f28e89fac1d00742020da1113d53995cfbb604e649db548fb69ac2da134956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10db240b6116d77b036c760cfe63263c

SHA1
f683e001182151094a16a0d7462f0674231703ea

SHA256
917709edb2fe39d0f8b25cd45ed287237b9379ec38ae1723a86df375f80de7f4

SHA512
dbc6407c08e45e8fedd2cf66442b0f16a481349f2e7067ffc0b4f61b55b389960d0045cf0c709655640b20710cda3bcc50347a20e6fbb4e6c2ecebb73b6b6037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efc9ab08ba50f29e4311712e3d92321a

SHA1
741f6a7e93587e22b48326d6c7db6c4e40a2c3d9

SHA256
a4041d472c27f61e18eec13a926d7ecce5bfd43840f2f3b5a059cab8891e125c

SHA512
30cfda56689a2e5c4fe5e76fdd00662e3a350660b69924b708f7b5b59f3f71d607912fd56beeae3107202d7a34b87fbe2680c1e9716152bd991e3882caf9f676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81a44c4a7d2e2d3046b4d0685d770563

SHA1
ab2ff377e7b8607b943e52bf1ad53fc00c3d7405

SHA256
c31677dc5826051732077b200c9563601760b0aa50825b3bf705a2119c4d0617

SHA512
375303cef7445b7e40c6f17547e56cfbd1c395e9436478ddaf3849e02aa7813a203ce3ceac6e347c843215c05dbfe8cc00380c3dfe5645f711035a550f82bb33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1ec064e3a11ca2a2fac42634f158030

SHA1
2a52536d6d9cf68303ce62f4b9774a90999b00ae

SHA256
aab119cb70764ca28b36dcf9ca98bafd5fb32ee88d01747ceb4890447c76b19d

SHA512
e87892c371ad21c65d25d151ee73be6d43304c8dd3c6617a247afdd6e52e099208dac6339f0001c473f027fe71c2ca42213019942c504e58931a96879632ff6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57e043ea5b32009e2aa9fb15257b7993

SHA1
3d86c1f7625f910a42e4ea550cbd84cd5b184b0a

SHA256
4020f24eb9d9f664388671b06335e60a5a2d9b9e85b8eeadbca462fe2d7c2d17

SHA512
3ceb9f33e5aaa765a1b1110b6d0a423095795c35d581283da409fb7aaecd366891f70c4352bb57a4d2832cdfd0c6f903e52feae9b184692423e80f810036c3eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9098a2c8f3bc5e81e58cdd9201fc09f

SHA1
9df78123726450c7e324c3fdd63647af5618112e

SHA256
0b37050522dc4731c12963b5db18eff0aefba12d2f692b0ca864d10c2ae12acc

SHA512
0b2d9a63ce4d553cddf6bbfc5a8ccefc860189d13d63053e70f66a9f2ec15087b2b142f5f7b4077fda89328864134e9c57a0f5557cebb901f62ca4b318773206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2290f82a43f730e069d97c933b1045e9

SHA1
206be33e6572d21991343d0b6d115a99f8392675

SHA256
8e9ac6c7b022dc73532565bc219da95310151c854f0a48bcad474e1b64b9585d

SHA512
e74abd43fe0a4dc1b9f5c469943e3c48b2e4a0735b59171c0dd15d30b40628ce9f6f523efa4bc9d234c9c150af29e07f42bab406ec6040dc44cb7cd5cf05b9e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab0d0a74469cf4ba54be864438712d0e

SHA1
f317585775be7d0272f1a381217519616072e7eb

SHA256
2fb9061ac3448553be81fe3193a7d541d5b046d7c06730636e8ebcbec48bffc8

SHA512
784be76eb045978d2b1ab0d85ea25aca8e870a15b3b0a43b5c0c40a0eedd9a20b9eacdb428aa08af5554f4d6f0ef1a35599e4b6c13f4c1703ad701b0a3f68233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf7117cd296269c9a48736f648c3899a

SHA1
81e30b177ca8f02313fc0e506c49ac357e632165

SHA256
7c2dcebc5289cb70aba7b7fe559f8538c4065fbaa264bec1530ec1fc86e497ad

SHA512
f17e8478682049b0f2cb69ffc55befc1722902b7501d5a6d7466c22b844635d46b00f9c5d0eacb6ff344289352b899a1d93e5621a3e81030204e11f2e9b9beb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74dd4bd4c787e4446e00b28af701879d

SHA1
dbeb5fcdddb916486de9767e590e77b54773828b

SHA256
60d79a4455e760a8e8042944b9954caf4f83a388dd4acb9ba12f6da52e023c95

SHA512
45697405e7a19dd3e4a26c0dee33af629e9334d5613839adcfc8cd322bb08d8b45f41294b3dbdbe2af98b81947eeea0997f4c22596e3413d5aefb5544ec33bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9320b1aeb6dcfa4fdec11c720edb404

SHA1
20b9b48ad7a99dce67235576f2ff20cd4b8c8676

SHA256
49ae6b9b0f62ba7af02a07e1b50aa6084cdd943f8ffa68326be4138ae1fabcef

SHA512
c99fdbb1b970caa983bc39b203c479730748125434a612349bb9d17bed44e8feb5fa5b3a2770b8d5c7e76dddddd8cd9549d46e554ca910ce48bd498b58156046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e00250f387629806777c34c1c4bb67cf

SHA1
7c1eedcd4979a990f4173242472148c87296d211

SHA256
5b4318a76684b6263290234cb9f55c18d2c9a7c944ffbc6b76f32e52a5198b66

SHA512
32af9e6a9ce38ffefb28f89d211c152ba895383ca0383dde3163f5b5dab05d8a6a910caa26a2cca5f14a16a13b8ccca05c04ced3f5d269e21395361b2ea4ced4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6ce0cf2a9275148645716ea62234874

SHA1
a200f2029e5d67bd4d3d1f743dd4c34a60de0d80

SHA256
6c1690f83cf46ad1c7d770e8fa9fbc72905d077378f2a9a140016f4a2df9074b

SHA512
40c4ae475f439067891ffc264fdfc96bfdb28688ada5aa307226bac67ba32352ecb7d66e654b9e4c1ae6b90382317698513a7c6473c62916788668b005f7c50a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c01efc0b9b4bf9dcac7ae46143693368

SHA1
bf4d80bb38b65135deb244e10f1ca17182ce196b

SHA256
0b33fb66df5012de740d141a24c867355aabf75c7ba1a619cf602c2ac7229af5

SHA512
e3dd3618d35a6c4d5d5e5b0b1a3ac0b9380e9db2c3761cd52a8dc87ee11bee81687c4eab0e9ed58a76cccfb5337fe6ef15e4bf39e4f755f51dce058c5fba0dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f54128ad247fab5e26f116869af36649

SHA1
36062adc49c1c344d55e21b54616e457072426a0

SHA256
9a814d2052174ddea1466fba7bf7836f690b66ceaa0836808bd18928b861265f

SHA512
302062caf29914b1f743a3db5b89c95e8bf61f4d65319162c671a5faf7857ce02dfa31a4ede27efa23c1c51d47daef542a6b9453a75680b38566a62f3a453794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b39036ef5825c6712b9436ef627c1d34

SHA1
930266461777a478a6e6c7c3569d29de8221c835

SHA256
ce2585c2863e016a5d24baa523022cbf079bc233d3dc9dd9d1b4e24d6736c2c0

SHA512
98e998862cb9b8667ded24349414f7881c2f6bd6575f3eb3e4d24adad4940872d3f7a8b06c75b065cb8534153b5d8bb1be4f9bb5d345a87d3237a7b67fc814cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94b2d33a5c41d1ea763f9fae5caa3c34

SHA1
ec471613f0683f2849026546d7d5d53765deac3d

SHA256
7335bd8c144447cfa0e343a7f7ccbb73bb7c291d31e1e6c2934d5c0c1c3887d2

SHA512
050e5013c473316dc726bf957b8906800a81219cae9b79dc99c9a71b192580e805631334371f7cccb415a3fd0f3065716b605719ff1f0abb1e95216667e6308a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34ed40665904ffd8258c4aba25685166

SHA1
faeebd2e49f1fb6c349c2c82fb1d2a87a79325ae

SHA256
1e360254f6482df222d818bc9d002995eaf53471d37986ff9a44325e573672be

SHA512
041d216b6a9b7e0e01574759ff0f69cfb54f40a24667f11c353905c5959ec79548607eb01f7d3a8460d195cbb64b8b8c65615c9be19bef3e4092b57b4a0e42dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[1].htm

Filesize
304B

MD5
4d1a10f22e8332513741877c47ac8970

SHA1
f68ecc13b7a71e948c6d137be985138586deb726

SHA256
a0dbc1b7d129cfa07a5d324fb03e41717fbdd17be3903e7e3fd7f21878dfbba4

SHA512
4f1e447c41f5b694bf2bff7f21a73f2bce00dfc844d3c7722ade44249d5ac4b50cf0319630b7f3fdb890bbd76528b6d0ed6b5ad98867d09cd90dcfbfd8b96860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[3].htm

Filesize
305B

MD5
2c4ce699b73ce3278646321d836aca40

SHA1
72ead77fbd91cfadae8914cbb4c023a618bf0bd1

SHA256
e7391b33aeb3be8afbe1b180430c606c5d3368baf7f458254cef5db9eef966e3

SHA512
89ec604cd4a4ad37c5392da0bb28bd9072d731a3efdd38707eeb7b1caf7626e6917da687529bf9426d8eb89fab23175399032d545d96ab93ffd19dd54c02c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FH71F1O\default[7].htm

Filesize
302B

MD5
51b86971925c7d24d895ff89fdebc8f5

SHA1
d037148e50a77f0de8421e0ef81f87f9f73570da

SHA256
3b50a39db6499f5cb2d3b6cec01daa5c33fcf80c0722707c6014e23ed1577280

SHA512
1bc88174ee963971ca43e106828d9e74473cf1aa664f6d4fa43ec9631610ab4c1dc9a0c84f5c89dd2b627eaf64f57dee99eca84b88eb14c36bf7285cb9d7f0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[1].htm

Filesize
304B

MD5
605de1f61d0446f81e63c25750e99301

SHA1
0eaf9121f9dc1338807a511f92ea0b30dc2982a5

SHA256
049f75dee036da00f8c8366d29ee14268239df75b8be53aa104aec22b84560f0

SHA512
a6a2505b8b89a895922ad6dc06d2ce620cb51cc6582c1b7e498a9f1ee1e4e47c53ebc4f92f8aa37532d558667225e30574732c9fe7187153a262c933893e4285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[2].htm

Filesize
304B

MD5
f7929bb262064ffbfe97177a150fdf7b

SHA1
c4dafb9e8a53092dd3b3c19f0013c3d51b9ec3fd

SHA256
c187618c964cc82cbdcbd9590a850323f91d34147ae36bda451a60b7038794a9

SHA512
7179f72e3c60764440628324884ee04f0889abdd99da82d0d0fcf2898aaf07645491afbc0e113933fc52189e1500ccd10ab2eb5f282f90e0e2f99e1ffd1b0c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[4].htm

Filesize
305B

MD5
f84538b33a071d01320a46b057aef921

SHA1
e7b43145855c43f8c5d43a9b39e707885c17294e

SHA256
e5a764c9c517f97e07ee2c8e1296e5f68ef436ea513eefb639fc40dffac6e1fc

SHA512
eff4fdc3ad9ba8f40b99b3e4f856546b5f2b17d0e715f4529a0c7f9e3150964a2b1625c0f734b643ff4496cfd9d256aa096c7e2c4e1911e6262dc9fd869dca5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[6].htm

Filesize
304B

MD5
8251fff4df202c8d6dd6aaf34f4838ea

SHA1
fa88f08dfdeaff6b86873d447fd26cb7d83a694d

SHA256
a17db628f6bdbf4cdc6fe029542404867306406510dbbdb57a047a75ac294962

SHA512
e9c0fe2a920377777bdda16a8744cf80d15e1d1b3c94b704f8a4c4cf54d2529ede4aea8a2d6d38f4e3c4d02f602edfed659db6613ac7c374e5214a201f16a3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGMI6V4A\default[7].htm

Filesize
302B

MD5
485828cfdc2c1efc0c51ff9b74dd34f8

SHA1
6f685134b031e9b2fff0eb8c7212c99bfba3719f

SHA256
615a15f6247f8f979b3a066801c98489018b1d137fd5d9b7bce73824acc70f06

SHA512
69736b9700c2f47feab282d8bf8bd6f02c9f62ecb9c02466b6cf76b1cd4b1becc70803123e73427c871c2aeb2eb64540edf95a342f78d9211ac0571e8fd1f426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2C485U7\search[3].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3444.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3445.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp11FE.tmp

Filesize
29KB

MD5
f93233357ce6ea27cebd7d6f7736fd9d

SHA1
2b6759576d956f76b8de336573f69386b3e0d8e4

SHA256
9d03eda3aa2c94cc413880ad5ae10c8b7204d3ad68352f56ad343b8673bc711f

SHA512
7e014ac8fd6cb68db55bc35befcbdae5d73dfea388f793ee02413ac80165e1168929e813c0824c59ff97592830e6df4196811aeca1d5ac877c56c46a713fbebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
dcbc7ccc422d1bbd22e3484c05ba7ad9

SHA1
362e80878b69785a92e88fba184ab0c6496c2c73

SHA256
487e1b430873fb4d3fbf1b2c3182b9fceec52c7b12d2ae92967dbda3ae2f76ef

SHA512
3d0d780026a949cb1c0c61993431771e3b5c54872c2165ef2c3874a480d59c8f5155b3c42ddef9ebcd40ea6590cd788e0dbc5a5015782c56a46a04371b2173a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
b30b1ff3780ee130b41bf3b6588a9dc8

SHA1
59d946e41ff8eb619a8ab4e29c741949e2d8e8a0

SHA256
6f0eb7bc5c36767d38a959c2437ac09355a309cb072d771a25fcab96d234fab8

SHA512
4976ac14a30bb00c15320f50140d6958eda08daaf9df4a7960554ab09f71cd15ce712e4ef507a6b931eb5cbed137d9307c7faf0e98778ac0e7379b1941a67d72

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2024-2269-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-50-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-40-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-1271-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-33-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-10-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-28-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-2019-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-82-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-851-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2024-45-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2804-12-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-79-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-2264-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-1913-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-1136-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-798-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2804-3-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads