Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
06/11/2023, 02:32
General
-
Target
NEAS.6368213d139981e211038ca0ed3d6270.exe
-
Size
181KB
-
MD5
6368213d139981e211038ca0ed3d6270
-
SHA1
1f3467944efb8b0f2a0b779f27776c1017e906b3
-
SHA256
16d9d33a10d44c3d71c7b0451dbeaa52b5d343ab750b3d9d1437610d184a5276
-
SHA512
8875bc1c7b5223e036ffa80918719e3338e2b4b1a4c906922b0f929c09486f977e6109c5d283a5a2fce27acb357371d9be91f03dec7febae4481bf496ab65188
-
SSDEEP
3072:YG9WdoX/14GwN+iHhK/xYHeAvG4HTQSKsTRbjpu5kS6AF+mheuxRO0VrcA:D9WG14GWx2xYnIstbjgHESeuz5cA
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.6368213d139981e211038ca0ed3d6270.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.6368213d139981e211038ca0ed3d6270.exe"1⤵
- Drops file in Program Files directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {17CE7BA8-E57F-400E-8840-B30A64490ECE} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\PROGRA~3\Mozilla\dhuqaed.exeC:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
181KB
MD5c368e789469d28e1e93cef43f7f9e5e6
SHA1fe40953796d9582ca4f26c75f8e24e1b7eb4f6b5
SHA256c797b2d8bbc5ca87f0ef1a94d9df807760e2d98327ffad63da653ff11959ea0f
SHA512cf7493894f2558b1de59be15e097edf0af2ccc9192d9fbcaffbf0a47ce2a643a0a7970ba00f119cfbfcd3d3f61c15301b71f60de57048a08b45536e23ac4c8c3
-
Filesize
181KB
MD5c368e789469d28e1e93cef43f7f9e5e6
SHA1fe40953796d9582ca4f26c75f8e24e1b7eb4f6b5
SHA256c797b2d8bbc5ca87f0ef1a94d9df807760e2d98327ffad63da653ff11959ea0f
SHA512cf7493894f2558b1de59be15e097edf0af2ccc9192d9fbcaffbf0a47ce2a643a0a7970ba00f119cfbfcd3d3f61c15301b71f60de57048a08b45536e23ac4c8c3
-
Filesize
200KB
-
Filesize
364KB
-
Filesize
200KB
-
Filesize
200KB
-
Filesize
364KB
-
Filesize
200KB