Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
04/11/2023, 19:05
General
-
Target
NEAS.10fe0545906e5b7fe5d8957d8490a590_JC.exe
-
Size
1011KB
-
MD5
10fe0545906e5b7fe5d8957d8490a590
-
SHA1
2160a46256e5c42a841119536404e0c902ab40de
-
SHA256
134ab10f5c16c46f9290d2c031a9d83adef5f36d7c82f7472778f479669ffaf5
-
SHA512
edc56c298a6924c5ccaf97a4609d823c196299bd6d3c1370fdfe649c34363ca917802d1c51cdbcef50b3f47d4844c87cdf42078e98ba38e6e70f875d75873209
-
SSDEEP
24576:jiur4LUgziur4LUgziur4LUgziur4LUgziur4LUg+iur4LUgx:jbrZObrZObrZObrZObrZHbrZE
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 42 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.10fe0545906e5b7fe5d8957d8490a590_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.10fe0545906e5b7fe5d8957d8490a590_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C wmic bios get serialnumber2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic bios get serialnumber3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C echo %computername%2⤵
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C getmac /fo list | Find "Physical Address"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\getmac.exegetmac /fo list3⤵
-
-
C:\Windows\system32\find.exeFind "Physical Address"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\Users\Public\Desktop | find "AX_PROD"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\Users\Public\Desktop "3⤵
-
-
C:\Windows\system32\find.exefind "AX_PROD"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\Users\Public\Desktop | find "Retail POS"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\Users\Public\Desktop "3⤵
-
-
C:\Windows\system32\find.exefind "Retail POS"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\Users\axdcr\Desktop | find "AX_PROD"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\Users\axdcr\Desktop "3⤵
-
-
C:\Windows\system32\find.exefind "AX_PROD"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\Users\axdcr\Desktop | find "Retail POS"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\Users\axdcr\Desktop "3⤵
-
-
C:\Windows\system32\find.exefind "Retail POS"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files (x86)"\HPGFulltaxVRF | find "HPGFulltaxVRF"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files (x86)"\HPGFulltaxVRF "3⤵
-
-
C:\Windows\system32\find.exefind "HPGFulltaxVRF"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files"\HPGFulltaxVRF | find "HPGFulltaxVRF"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files"\HPGFulltaxVRF "3⤵
-
-
C:\Windows\system32\find.exefind "HPGFulltaxVRF"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files (x86)"\"uvnc bvba"\UltraVNC | find "winvnc"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files (x86)"\"uvnc bvba"\UltraVNC "3⤵
-
-
C:\Windows\system32\find.exefind "winvnc"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files"\"uvnc bvba"\UltraVNC | find "winvnc"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\find.exefind "winvnc"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files"\"uvnc bvba"\UltraVNC "3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files (x86)"\Websense\"Websense Endpoint" | find "F1EUI"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files (x86)"\Websense\"Websense Endpoint" "3⤵
-
-
C:\Windows\system32\find.exefind "F1EUI"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files"\Websense\"Websense Endpoint" | find "F1EUI"2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files"\Websense\"Websense Endpoint" "3⤵
-
-
C:\Windows\system32\find.exefind "F1EUI"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files (x86)"\CrowdStrike | find "CSFalconService.exe"2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files (x86)"\CrowdStrike "3⤵
-
-
C:\Windows\system32\find.exefind "CSFalconService.exe"3⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C dir /b C:\"Program Files"\CrowdStrike | find "CSFalconService.exe"2⤵
-
C:\Windows\system32\find.exefind "CSFalconService.exe"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" dir /b C:\"Program Files"\CrowdStrike "3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB