73ae2de93514a15d4f902fdac740c8ea6f29acf7fb459dc7523d471e2ef0e7fa

Analysis

max time kernel
100s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
Size

161KB
MD5

cc4f5fd89260bebc79f7a3a47585d6d0
SHA1

336289221e72c929af0428c1d956319c9ce025a5
SHA256

73ae2de93514a15d4f902fdac740c8ea6f29acf7fb459dc7523d471e2ef0e7fa
SHA512

f56524577d515b255da184f945cc1877a41b442d15a51dfca89ed9e30e98f813e774fb776118bb9cb54637c4e8743f34406c649d49da7ab50151c668843b7ff5
SSDEEP

3072:51oVtum4WHvjVGr8kgB9s8p+uRcKVHM0lma3UroAew5ak23n2MgN8Dljl:5mtmCjkU9Wu6uFYwsegak22TQlh

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1504	ecxnjia.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ecxnjia.exe	NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
File created	C:\PROGRA~3\Mozilla\qxogatk.dll	ecxnjia.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe"
1⤵
- Drops file in Program Files directory
PID:400

C:\PROGRA~3\Mozilla\ecxnjia.exe
C:\PROGRA~3\Mozilla\ecxnjia.exe -goglxbn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\ecxnjia.exe

Filesize
161KB

MD5
6f7c1cc8adcc55d4401d4cc83510ad49

SHA1
00923e86e0da0922f7a2d2bc6d994a68f4d9de07

SHA256
60fb7982b198b316de35883d1188460955c81ae048628e165f05c285cbc9f164

SHA512
1df111f4ef5e5738aeddc22ec29c000de71d2377918ec05509ecd8dd615489931af495b8ba9926b3beccd7df63ef6672e4e42952f83590a53726c147e866d905

Download Submit
C:\ProgramData\Mozilla\ecxnjia.exe

Filesize
161KB

MD5
6f7c1cc8adcc55d4401d4cc83510ad49

SHA1
00923e86e0da0922f7a2d2bc6d994a68f4d9de07

SHA256
60fb7982b198b316de35883d1188460955c81ae048628e165f05c285cbc9f164

SHA512
1df111f4ef5e5738aeddc22ec29c000de71d2377918ec05509ecd8dd615489931af495b8ba9926b3beccd7df63ef6672e4e42952f83590a53726c147e866d905

Download Submit
memory/400-10-0x00000000021B0000-0x00000000021D1000-memory.dmp

Filesize
132KB

Download
memory/400-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/400-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/400-1-0x00000000021B0000-0x00000000021D1000-memory.dmp

Filesize
132KB

Download
memory/400-2-0x00000000021F0000-0x000000000224B000-memory.dmp

Filesize
364KB

Download
memory/400-9-0x00000000021F0000-0x000000000224B000-memory.dmp

Filesize
364KB

Download
memory/400-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1504-12-0x00000000004B0000-0x00000000004D1000-memory.dmp

Filesize
132KB

Download
memory/1504-13-0x0000000000610000-0x000000000066B000-memory.dmp

Filesize
364KB

Download
memory/1504-14-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1504-16-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1504-18-0x00000000004B0000-0x00000000004D1000-memory.dmp

Filesize
132KB

Download
memory/1504-19-0x0000000000610000-0x000000000066B000-memory.dmp

Filesize
364KB

Download