3dec6c0d6e771b05006f99bd9ba599b820b87c4f186d45c8a4db077d324e8859

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe
Size

145KB
MD5

e6f8662ec51d3cbb4e4a117d8610ca10
SHA1

b0dd1620124782c6a36baa4057a3185f9e537571
SHA256

3dec6c0d6e771b05006f99bd9ba599b820b87c4f186d45c8a4db077d324e8859
SHA512

ef59631e95a129220481da4c7a3a43422f83924dbc0dbcdfaeadcfdcca6c7f580ba3530b47d7aa9d25bc234847a2df1ca62f16be51ade3b7e932a074b214095e
SSDEEP

3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80vh:+aIsfQ28+4R7T5vrsXh

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
5072	yqzqgud.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\yqzqgud.exe	NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe
File created	C:\PROGRA~3\Mozilla\dvujjgk.dll	yqzqgud.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe"
1⤵
- Drops file in Program Files directory
PID:4188

C:\PROGRA~3\Mozilla\yqzqgud.exe
C:\PROGRA~3\Mozilla\yqzqgud.exe -ikphvdj
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\yqzqgud.exe

Filesize
145KB

MD5
6031315dbe8d9149b5dbca2132d6142d

SHA1
c97661e186300d7a5d9da18c13697b972f0d1b77

SHA256
f133b28c8626db2b3420d8dd72e63f20f3190467e0ed3b1cdab003a305e59710

SHA512
22a660c72336fd5a67961cbef68186c927e0d55f611734d87e9eff3bbb4c63386233807cab6e5733f16a33a8991d57583b0b08787be418af6c12882889297a7f

Download Submit
C:\ProgramData\Mozilla\yqzqgud.exe

Filesize
145KB

MD5
6031315dbe8d9149b5dbca2132d6142d

SHA1
c97661e186300d7a5d9da18c13697b972f0d1b77

SHA256
f133b28c8626db2b3420d8dd72e63f20f3190467e0ed3b1cdab003a305e59710

SHA512
22a660c72336fd5a67961cbef68186c927e0d55f611734d87e9eff3bbb4c63386233807cab6e5733f16a33a8991d57583b0b08787be418af6c12882889297a7f

Download Submit
memory/4188-0-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4188-1-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4188-2-0x0000000002070000-0x0000000002072000-memory.dmp

Filesize
8KB

Download
memory/4188-3-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4188-9-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/5072-10-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/5072-11-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/5072-12-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/5072-16-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download