5847e8b9aaa0a724dd1a1bc37efcb0eb2172c98bf193422a5dee9facf4f0de13

Analysis

max time kernel
144s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4827258c4c294249aa1805980ddf63a0.exe
Size

154KB
MD5

4827258c4c294249aa1805980ddf63a0
SHA1

f832263ad3b6f311a2d56f9afa9fcf7a0e868126
SHA256

5847e8b9aaa0a724dd1a1bc37efcb0eb2172c98bf193422a5dee9facf4f0de13
SHA512

8d6b7b83130caf64bf20ebc59543769936a2a07b8a4ed1ac5a2784569e79958e5590dbabd681c8f165c29d69a3d8fede94e1bedf42161161f5ba8646d50d4543
SSDEEP

3072:oDBH9p/3K+AEkzgXrGqJM4qd3bGjhkqsXb:29pTAEkz6rGq4Bbq2b

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4120	asqmzyj.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\asqmzyj.exe	NEAS.4827258c4c294249aa1805980ddf63a0.exe
File created	C:\PROGRA~3\Mozilla\mzqcwxd.dll	asqmzyj.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.4827258c4c294249aa1805980ddf63a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4827258c4c294249aa1805980ddf63a0.exe"
1⤵
- Drops file in Program Files directory
PID:2808

C:\PROGRA~3\Mozilla\asqmzyj.exe
C:\PROGRA~3\Mozilla\asqmzyj.exe -kewnvcd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\asqmzyj.exe

Filesize
154KB

MD5
aeb7f642d39c966e43c485a36e38cb98

SHA1
8f13d5f16930b8eb0f8639370d83e4d0017e9fb6

SHA256
bb6845253137181a1130a4a57863a5eb776d75cd282e1348ee88f6afecfe5c46

SHA512
4f0480a50626cbac2bf0a12e3cca1ea90bfa3ee32b575cc434b4c12d73ee48661c8845ea910ed4d78a5ccd4fa134fb4f12df524a3af5fa641e147ac2c23b560a

Download Submit
C:\ProgramData\Mozilla\asqmzyj.exe

Filesize
154KB

MD5
aeb7f642d39c966e43c485a36e38cb98

SHA1
8f13d5f16930b8eb0f8639370d83e4d0017e9fb6

SHA256
bb6845253137181a1130a4a57863a5eb776d75cd282e1348ee88f6afecfe5c46

SHA512
4f0480a50626cbac2bf0a12e3cca1ea90bfa3ee32b575cc434b4c12d73ee48661c8845ea910ed4d78a5ccd4fa134fb4f12df524a3af5fa641e147ac2c23b560a

Download Submit
memory/2808-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2808-1-0x00000000009E0000-0x0000000000A3B000-memory.dmp

Filesize
364KB

Download
memory/2808-6-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4120-10-0x0000000000D60000-0x0000000000DBB000-memory.dmp

Filesize
364KB

Download