7babeb7b613b6d5d817e17b9b5d2d8f91d3a99aad30d975e91a9140e4dd4ba18

Analysis

max time kernel
121s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe
Size

145KB
MD5

0d6b3fd023782511a151bc17d7b72aa0
SHA1

581ac5896bc7b73b4eebfb370c8635123ae2f81e
SHA256

7babeb7b613b6d5d817e17b9b5d2d8f91d3a99aad30d975e91a9140e4dd4ba18
SHA512

e876d81661159e250252bc5b0d8cb2453df4482e47125bba531942de79a377118cde8536f1a242ba2f38c30bc51ecc9d8dda7f918a737ba8ca0efb5210ff0922
SSDEEP

3072:H0FcokNlIts/eEieyYr5czW2BmQ6GEq03IviP:H05WJWE+hS2h0IviP

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2080	tmadqjh.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\tmadqjh.exe	NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe
File created	C:\PROGRA~3\Mozilla\rjbydkd.dll	tmadqjh.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0d6b3fd023782511a151bc17d7b72aa0.exe"
1⤵
- Drops file in Program Files directory
PID:880

C:\PROGRA~3\Mozilla\tmadqjh.exe
C:\PROGRA~3\Mozilla\tmadqjh.exe -gglpwzh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\tmadqjh.exe

Filesize
145KB

MD5
97976886328f2864b1dd6d77a9c66a44

SHA1
313061eee4bb78289ea01f606ebb112d8e578e4b

SHA256
bb00d109cc932785e45d21f4bb5a039113c9b8951b47748854da652c33513b20

SHA512
ff73b8a5500d8b37cb58dd4deb1caa2c5a7f63bf627f17999e9e0f070ec3277c53579298704562ce5f38aaef41ca5034d09fc7cdf0bfb72f4f8532028b029968

Download Submit
C:\ProgramData\Mozilla\tmadqjh.exe

Filesize
145KB

MD5
97976886328f2864b1dd6d77a9c66a44

SHA1
313061eee4bb78289ea01f606ebb112d8e578e4b

SHA256
bb00d109cc932785e45d21f4bb5a039113c9b8951b47748854da652c33513b20

SHA512
ff73b8a5500d8b37cb58dd4deb1caa2c5a7f63bf627f17999e9e0f070ec3277c53579298704562ce5f38aaef41ca5034d09fc7cdf0bfb72f4f8532028b029968

Download Submit
memory/880-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/880-2-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/880-1-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/880-3-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/880-9-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2080-10-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2080-11-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2080-12-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2080-16-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download