16d9d33a10d44c3d71c7b0451dbeaa52b5d343ab750b3d9d1437610d184a5276

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6368213d139981e211038ca0ed3d6270.exe
Size

181KB
MD5

6368213d139981e211038ca0ed3d6270
SHA1

1f3467944efb8b0f2a0b779f27776c1017e906b3
SHA256

16d9d33a10d44c3d71c7b0451dbeaa52b5d343ab750b3d9d1437610d184a5276
SHA512

8875bc1c7b5223e036ffa80918719e3338e2b4b1a4c906922b0f929c09486f977e6109c5d283a5a2fce27acb357371d9be91f03dec7febae4481bf496ab65188
SSDEEP

3072:YG9WdoX/14GwN+iHhK/xYHeAvG4HTQSKsTRbjpu5kS6AF+mheuxRO0VrcA:D9WG14GWx2xYnIstbjgHESeuz5cA

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2808	gpypjxc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\gpypjxc.exe	NEAS.6368213d139981e211038ca0ed3d6270.exe
File created	C:\PROGRA~3\Mozilla\kbbthmm.dll	gpypjxc.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6368213d139981e211038ca0ed3d6270.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6368213d139981e211038ca0ed3d6270.exe"
1⤵
- Drops file in Program Files directory
PID:2240

C:\PROGRA~3\Mozilla\gpypjxc.exe
C:\PROGRA~3\Mozilla\gpypjxc.exe -tripsff
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\gpypjxc.exe

Filesize
181KB

MD5
76a9d753943b2bf475288f52c3765285

SHA1
f8f48db2b47847f76d769e0a3d391a89a816802c

SHA256
bd5afdb107cf34fbe3ae870eb66093b7238e2e4e2fd989eec20038d85ff4a641

SHA512
3e332dba9ab355312d6c91de722859f9cc1095de737b16af37a02469c1df43c021092dd472727f70ab2956d56f1e4e2c193d2d4172b0123b7d8bc3bc05a6564c

Download Submit
C:\ProgramData\Mozilla\gpypjxc.exe

Filesize
181KB

MD5
76a9d753943b2bf475288f52c3765285

SHA1
f8f48db2b47847f76d769e0a3d391a89a816802c

SHA256
bd5afdb107cf34fbe3ae870eb66093b7238e2e4e2fd989eec20038d85ff4a641

SHA512
3e332dba9ab355312d6c91de722859f9cc1095de737b16af37a02469c1df43c021092dd472727f70ab2956d56f1e4e2c193d2d4172b0123b7d8bc3bc05a6564c

Download Submit
memory/2240-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2240-1-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/2240-10-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2808-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2808-11-0x0000000000D30000-0x0000000000D8B000-memory.dmp

Filesize
364KB

Download
memory/2808-17-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download