c6de4b06fc03a535a7eb7bc56c99b4b68a2f0be1b17b5d6f004b99736636a084

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a84c9c18f88909529074f92a5fd553a8.exe
Size

34KB
MD5

a84c9c18f88909529074f92a5fd553a8
SHA1

9ce4d0efc440f84f5b38857ba73ffcfba96e69d7
SHA256

c6de4b06fc03a535a7eb7bc56c99b4b68a2f0be1b17b5d6f004b99736636a084
SHA512

310530619744a6a2746a07c9364c71bdaeb758725fb6294cc08a10edf55408d48089001f2fd19105258e0a71a270d6d8a52ee78ff2cf2d94d69b3848c1e0158a
SSDEEP

768:pwy7luXqnKZ3URe/cqhVnjBsuC1bfeFb1RbfrFFdwu:aypnKZ3Ulchtsl1bfw/frFvwu

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2664-0-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-3-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-5-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-7-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-9-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-11-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-13-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2664-15-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-24.dat	upx
behavioral1/memory/2664-92-0x0000000000800000-0x000000000080E200-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	NEAS.a84c9c18f88909529074f92a5fd553a8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ICQ 4 Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Winamp 5.0 (en) Crack.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\WinRAR.v.3.2.and.key.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\index.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\index.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\Winamp 5.0 (en).com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\WinRAR.v.3.2.and.key.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\Winamp 5.0 (en) Crack.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\ICQ 4 Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Kazaa Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\WinRAR.v.3.2.and.key.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\Winamp 5.0 (en) Crack.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\index.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Kazaa Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\index.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\Winamp 5.0 (en).com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\ICQ 4 Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\ICQ 4 Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Winamp 5.0 (en).com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\Winamp 5.0 (en).exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\Kazaa Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\Winamp 5.0 (en) Crack.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\ICQ 4 Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\Winamp 5.0 (en).ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\Winamp 5.0 (en) Crack.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\Kazaa Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\index.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\index.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\index.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\index.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Winamp 5.0 (en) Crack.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\Winamp 5.0 (en).exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\WinRAR.v.3.2.and.key.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ICQ 4 Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Kazaa Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\Winamp 5.0 (en) Crack.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\index.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\Winamp 5.0 (en) Crack.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\Kazaa Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\Winamp 5.0 (en) Crack.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\Harry Potter.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Winamp 5.0 (en).ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\index.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\Harry Potter.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Winamp 5.0 (en) Crack.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\Harry Potter.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\Winamp 5.0 (en).exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Kazaa Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Kazaa Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\ICQ 4 Lite.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\Kazaa Lite.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\Winamp 5.0 (en) Crack.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\index.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\WinRAR.v.3.2.and.key.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Harry Potter.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Harry Potter.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\Kazaa Lite.ShareReactor.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\Harry Potter.com	NEAS.a84c9c18f88909529074f92a5fd553a8.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\lsass.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe
File opened for modification	C:\Windows\lsass.exe	NEAS.a84c9c18f88909529074f92a5fd553a8.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.a84c9c18f88909529074f92a5fd553a8.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a84c9c18f88909529074f92a5fd553a8.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp47DB.tmp

Filesize
34KB

MD5
4119e9ec355214fdfe16de5c617ef4b0

SHA1
938654a1fdf4e21ac9e11c5488b7cf6c90f47f19

SHA256
96773370b5eb6e2aeec478d3f03335b5d9936d4cc21e03910164aaa13af59fdf

SHA512
a19b24fc549e9f3756afccac0e1310e6d4b81e321d3fbb92e1260f706bd25f72ed56956002e3f6fe18ea33f7a0ccdafcdf2d2993cdcbda04b56d550601cac609

Download Submit
memory/2664-0-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-3-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-5-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-7-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-9-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-11-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-13-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-15-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2664-92-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads