1c26c73ad4aa03f9379104de55f94d4f75e7c889f5bff447a4a0eedab336c1ad

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 21:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe
Size

368KB
MD5

01d54b15f258a4911c96475119dc5e80
SHA1

63e9241f3c2541231406648750dbf553c467c418
SHA256

1c26c73ad4aa03f9379104de55f94d4f75e7c889f5bff447a4a0eedab336c1ad
SHA512

96ad4fb1c471635fcde5e6ebda1d85432aa6bc6f85fae85cc506c5f7ef9141dd33f813d6ab329f830a5440feb50a4572d549a59ff4351ff648631d00ee9cf3d0
SSDEEP

6144:DWpkbJvLBgM4QoRmQ3BxbEhlgB+djvXHQ5bjVO8x5BY0:8I1LBg9QoRmQxxbylqgvXHQbOm5J

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1512	NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe
1512	NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1512	NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1512	NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe
1512	NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.01d54b15f258a4911c96475119dc5e80_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wee82CC.tmp

Filesize
262KB

MD5
a0840b6ee26791ef32068e0629bf9801

SHA1
574bb311577db0707fcf413f5f6f65214a17413c

SHA256
706f10b3a6c08f756fd758a23e882ec6971bab470e2d67b3ddddf4ba43d17e34

SHA512
d190e8f2b39ea0c61824393a4972dba1ab6aed708ecacf918abf1a62a17a806c7792c1a3d5ef3264ea16b6fe534761efc15e8eb15ba60e7620832867a14766db

Download Submit
C:\Users\Admin\AppData\Local\Temp\wee82CC.tmp

Filesize
262KB

MD5
a0840b6ee26791ef32068e0629bf9801

SHA1
574bb311577db0707fcf413f5f6f65214a17413c

SHA256
706f10b3a6c08f756fd758a23e882ec6971bab470e2d67b3ddddf4ba43d17e34

SHA512
d190e8f2b39ea0c61824393a4972dba1ab6aed708ecacf918abf1a62a17a806c7792c1a3d5ef3264ea16b6fe534761efc15e8eb15ba60e7620832867a14766db

Download Submit
memory/1512-6-0x0000000005490000-0x0000000005522000-memory.dmp

Filesize
584KB

Download
memory/1512-2-0x0000000002CE0000-0x0000000002D26000-memory.dmp

Filesize
280KB

Download
memory/1512-4-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download
memory/1512-5-0x0000000005B30000-0x00000000060D4000-memory.dmp

Filesize
5.6MB

Download
memory/1512-3-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/1512-7-0x0000000005560000-0x000000000556A000-memory.dmp

Filesize
40KB

Download
memory/1512-8-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download
memory/1512-9-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download
memory/1512-10-0x00000000087E0000-0x0000000008846000-memory.dmp

Filesize
408KB

Download
memory/1512-19-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/1512-20-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download
memory/1512-21-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download
memory/1512-22-0x00000000052E0000-0x00000000052F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads