a4027c077eb86d8f4de821758cc22102b73bc88bd7b004f9326ce16d0980c8fe

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2023 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
Size

7.2MB
MD5

3300222f64e3ee3e7b1cd8bff8b56df0
SHA1

9105a13494d56095585cb9f0bc490a086f0feca5
SHA256

a4027c077eb86d8f4de821758cc22102b73bc88bd7b004f9326ce16d0980c8fe
SHA512

e9f20c4e78bbd2908450235761d0aef2c5be18bd25b72af6a5a687e9bbfcbe27429e8531b1ba21bc30ccf2a8d382012b8e25c46110bd395696526833f93bd24a
SSDEEP

196608:LZ9TeKv14YYL4/q28srJ69QG+0Ljhue9IT:PTDrZ/tHfG+wAem

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4908	NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3300222f64e3ee3e7b1cd8bff8b56df0.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~rnsetup\COMMON\rpcl3260.dll

Filesize
242KB

MD5
695198e87146650bddd79d0a160a98e7

SHA1
292c95962b5994750eda99354b1bf20313885354

SHA256
e84588ab6a148941b78573314ab0038b838137ab629df2a52bbaa1ec1dc67628

SHA512
dd7e32aa99a0d7a1734234d3fece7545b532479045044de2fd98d54ff2fbd15bf3a2c623b716280e29eaa8167e2586708163dd9e71f377c404057f5aadc421f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\pncrt.dll

Filesize
272KB

MD5
e5452563772e7f795c203ddbd4d1042d

SHA1
42caf1488f0247e9ebe7e427e425fb8273972dd2

SHA256
066e560dd80cdd5c3f4ab028036d61b7ec286d8b197ac076bbe8a747d1ec1508

SHA512
fb283b337540194bdf405439ce3c14eb5ec1695ef4c403db2d4e38984f425465e62fcfd48dc673d45e23f432b65c011d973ed49560396b6a359263d44b4b7901

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\pncrt.dll

Filesize
272KB

MD5
e5452563772e7f795c203ddbd4d1042d

SHA1
42caf1488f0247e9ebe7e427e425fb8273972dd2

SHA256
066e560dd80cdd5c3f4ab028036d61b7ec286d8b197ac076bbe8a747d1ec1508

SHA512
fb283b337540194bdf405439ce3c14eb5ec1695ef4c403db2d4e38984f425465e62fcfd48dc673d45e23f432b65c011d973ed49560396b6a359263d44b4b7901

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\pncrt.dll

Filesize
272KB

MD5
e5452563772e7f795c203ddbd4d1042d

SHA1
42caf1488f0247e9ebe7e427e425fb8273972dd2

SHA256
066e560dd80cdd5c3f4ab028036d61b7ec286d8b197ac076bbe8a747d1ec1508

SHA512
fb283b337540194bdf405439ce3c14eb5ec1695ef4c403db2d4e38984f425465e62fcfd48dc673d45e23f432b65c011d973ed49560396b6a359263d44b4b7901

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\pngu3264.dll

Filesize
365KB

MD5
e8e73d2ce7b42f0ad94a31afc693e027

SHA1
fe18de250b8c71e728bbf61f839854b54b278a48

SHA256
b9be87a4408a58e3b7ad84607de1ff2a8ee64108224354f6d6765f41b3d6c8b3

SHA512
5824a20960287d011237abcf5f751ceaec57f96f34aee21cd7acfc1bf96074a14769e36b70afbe96db7125c992fd5ac0e7f5c7f9cdd8f786079ca0a5f9f864f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\pnrs3260.dll

Filesize
11KB

MD5
48c504f432606165e3c33bee1e052fe7

SHA1
9fb651516fd9d7003dea7a346cc05fb6bb3a1aee

SHA256
e0d42e603a2de334d962361ee4150ec5ae7e7f3386d87f3cecf36420f3b2ddaf

SHA512
6c80fa583f4ffe3d38ecf5a15c217901e7cf0047ca0e6277f6a667defe5e67561b7fb2a5d7c6bab184133171ad25d787edf486df26e6f50ae058fa3f27451c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\rpsetpln.dll

Filesize
44KB

MD5
a5243ecc315d444dc3a5e930d76c2464

SHA1
69fed57cc8bbe290a29e38eed009776916cf8758

SHA256
5b460ae6db38e740b5939b221747d3670c8a16458706d90c5176b25250ccee98

SHA512
61f381c80f2c394742527447a720af6c089ed602b0ac608701f126b52e3335d0f081abb48e1fbeaccfa31f1a626b2ff7a1111990496cca66688d528a0517dd72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\rpsetpln.dll

Filesize
44KB

MD5
a5243ecc315d444dc3a5e930d76c2464

SHA1
69fed57cc8bbe290a29e38eed009776916cf8758

SHA256
5b460ae6db38e740b5939b221747d3670c8a16458706d90c5176b25250ccee98

SHA512
61f381c80f2c394742527447a720af6c089ed602b0ac608701f126b52e3335d0f081abb48e1fbeaccfa31f1a626b2ff7a1111990496cca66688d528a0517dd72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\rpsetpln.dll

Filesize
44KB

MD5
a5243ecc315d444dc3a5e930d76c2464

SHA1
69fed57cc8bbe290a29e38eed009776916cf8758

SHA256
5b460ae6db38e740b5939b221747d3670c8a16458706d90c5176b25250ccee98

SHA512
61f381c80f2c394742527447a720af6c089ed602b0ac608701f126b52e3335d0f081abb48e1fbeaccfa31f1a626b2ff7a1111990496cca66688d528a0517dd72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\sete3260.dll

Filesize
128KB

MD5
e73d76cdd5adc8922a4c079eeb174165

SHA1
f4a6e82be530738b17c481f36f1525dfe68a3d1e

SHA256
a1d08a3b77318b962485182e44f7df3bcab0cb7d0fa370d92bee0deae30f484d

SHA512
667f816af3a348f672fb0ed543f86b56c41ea0b86359a6d381b8a9bb438ab6d3c9285aaf5bd164fc58d7dac00191d23221e0d6f4273e13723fb17d1f572c6764

Download Submit
C:\Users\Admin\AppData\Local\Temp\~rnsetup\setu3260.dll

Filesize
178KB

MD5
f6e800d382c18545a137a6870512d316

SHA1
0d36107b6639c9f92bf666bbdc290cf05aa0a598

SHA256
bd573f61ec3f5187183f068a0701e7d965d05c031a49f21d0a1a82ba866e9bc0

SHA512
f12d8f075dbacea34ac787f1289c913bdedf6c3a24e7574493c7e0e695da92f68a54c7350206130647fb64e3ba6fd1ccab708771a9336b6bcd5d018ecef96ad2

Download Submit
memory/4908-197-0x0000000002EB0000-0x0000000002EBE000-memory.dmp

Filesize
56KB

Download
memory/4908-0-0x0000000000400000-0x0000000000B3B000-memory.dmp

Filesize
7.2MB

Download
memory/4908-551-0x0000000000400000-0x0000000000B3B000-memory.dmp

Filesize
7.2MB

Download