786866129029200c814f6447b1e9feb75dd9dd8cc53bb0e55ed6656ff448fd62

Analysis

max time kernel
157s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
Size

261KB
MD5

624fdedf7264ae6220e0e2104f9c83a0
SHA1

6f29f765e7895b10ac4558a5bc180b08a3f7414b
SHA256

786866129029200c814f6447b1e9feb75dd9dd8cc53bb0e55ed6656ff448fd62
SHA512

4bf95b0525a0e575630160572e82e75e41eeb116c94843b0cad9528be72f9b2a204606fdac44ec33a592206a0a3d94206407b225c7aafffece3a8fbbd4a6b6ab
SSDEEP

6144:xe3417BiU2nWmcliUYiV71QHcs23GbiQy:t7gX2i7iVMcs23GuQy

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/2888-52-0x0000000073630000-0x000000007363A000-memory.dmp	acprotect
behavioral2/files/0x000a000000022ce9-43.dat	acprotect

Loads dropped DLL 16 IoCs

pid	Process
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
2888	NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2888-52-0x0000000073630000-0x000000007363A000-memory.dmp	upx
behavioral2/files/0x000a000000022ce9-43.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.624fdedf7264ae6220e0e2104f9c83a0.exe"
1⤵
- Loads dropped DLL
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\nsArray.dll

Filesize
6KB

MD5
f8462e9d1d7fd39789afca89ab6d6046

SHA1
7e9a518e15b7490245d2bef11a73f209c8d8d59b

SHA256
48941e9f5c92a33f1e60a7a844d562dd77ce736fd31b5503c980b49679dfe85e

SHA512
57dee2253abd7d17d53811d5e95237f9434288518fb043645524a517786db2d8a91df86a6da732c620f12ad0e7ea30a923b8d5f3de386c65bd3ff240bc0dff69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm6231.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
memory/2888-52-0x0000000073630000-0x000000007363A000-memory.dmp

Filesize
40KB

Download
memory/2888-74-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/2888-73-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/2888-77-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download