02d2035eaac253d84f6a4518dcdc527076d1fba2561ebe370e7d15694180c153

Analysis

max time kernel
134s
max time network
147s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05-11-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe
Size

478KB
MD5

001e3c56bfd3a2e514d7acc1bc914310
SHA1

9ad47cb9608685bba95793ba5ae96b519dada308
SHA256

02d2035eaac253d84f6a4518dcdc527076d1fba2561ebe370e7d15694180c153
SHA512

0ef2120330273b41803dbebaa8249cc503f23c033c8b73dcd3377aa8f489bc04e22b2d60ec569987d713b8a2729c2f78c784ace76d7cb5cc8a18b7dc30ef085b
SSDEEP

6144:cgM+lFy9XBu5gmEBipkz+Jix8NB40poIZ2ix0LzjYfbdBcpvMY4ec:cqFytBu5kiplJiGDIix4zjNpvAec

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2800	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe
2800	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2800	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2800	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe
2800	NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.001e3c56bfd3a2e514d7acc1bc914310_JC.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dfs7668.tmp

Filesize
271KB

MD5
4377306c677de5d2d840a3bdcaa2e1e4

SHA1
f7ffca0ed92bd4d381636f9436c6568f0bd6c1d1

SHA256
4a6e4836607221491864d854c31097fa4e2a790a06f801a50891e65a540b1ce7

SHA512
fa1ded63d5ac146721d29ada2ba7c280ecd429fb0cc649ecf1c4647f4a9602b7473fea1076eaae36a476219ed76130eb7c55dc720523297c8a7bc8c77a279b63

Download Submit
\Users\Admin\AppData\Local\Temp\dfs7668.tmp

Filesize
271KB

MD5
4377306c677de5d2d840a3bdcaa2e1e4

SHA1
f7ffca0ed92bd4d381636f9436c6568f0bd6c1d1

SHA256
4a6e4836607221491864d854c31097fa4e2a790a06f801a50891e65a540b1ce7

SHA512
fa1ded63d5ac146721d29ada2ba7c280ecd429fb0cc649ecf1c4647f4a9602b7473fea1076eaae36a476219ed76130eb7c55dc720523297c8a7bc8c77a279b63

Download Submit
memory/2800-4-0x0000000000440000-0x000000000048A000-memory.dmp

Filesize
296KB

Download
memory/2800-5-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download
memory/2800-6-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download
memory/2800-7-0x00000000002A0000-0x00000000002AC000-memory.dmp

Filesize
48KB

Download
memory/2800-8-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download
memory/2800-9-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download
memory/2800-15-0x000000000A0F0000-0x000000000A896000-memory.dmp

Filesize
7.6MB

Download
memory/2800-20-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download
memory/2800-21-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download