Overview

overview

7

Static

static

3

NEAS.57af7...a7.exe

windows7-x64

7

NEAS.57af7...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/11/2023, 11:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.57af769fa70293884a3462aada1ffca7.exe

  • Size

    4.5MB

  • MD5

    57af769fa70293884a3462aada1ffca7

  • SHA1

    ee05968d760defc9e687e760bb5c4e79943fd2f4

  • SHA256

    e00f4aebbb01a832a1dd63a7e53edbff44de15510f276d324533402e8133e197

  • SHA512

    25c87fa23feacedf957a495ea206ff0313b8c591872a808a46e9804e2b0b2214aa827d0c1862b8f734eb5969530cf1e1855da7fbd5861da43a22c46f1ab2d3ea

  • SSDEEP

    49152:D+NEfT0HSh8wTwzWn1lioYTDGAfp8a+nTdsb0N00VwmNG2TXEBGhTod6sTJN0QbD:nnpavoSIGf

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 7 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.57af769fa70293884a3462aada1ffca7.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.57af769fa70293884a3462aada1ffca7.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4472
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      PID:4856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 224
        3⤵
        • Program crash
        PID:828
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4604
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:5028
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4856 -ip 4856
    1⤵
      PID:3304
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:3348
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1460
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:82952 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          PID:4780
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:17416 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1512
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:82960 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4776

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              10a4cd317b2b7e1f1b57ff2076bdbf60

              SHA1

              69949282ce734660e283178f14f418f5ffd8b4c7

              SHA256

              505d8226490bcdd169ec17a1c6a89e8209bea3804a8eb54332c323d1f98b0df4

              SHA512

              2f60f0ed277def78fc4dd6621ba865144a27c8e2bc4946995b00d4b8c28cb105c28b0bc39afb08b6bbf3753ebb787524855d3a29a83389d242a36b44ab99a675

              Download Submit

            • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              10a4cd317b2b7e1f1b57ff2076bdbf60

              SHA1

              69949282ce734660e283178f14f418f5ffd8b4c7

              SHA256

              505d8226490bcdd169ec17a1c6a89e8209bea3804a8eb54332c323d1f98b0df4

              SHA512

              2f60f0ed277def78fc4dd6621ba865144a27c8e2bc4946995b00d4b8c28cb105c28b0bc39afb08b6bbf3753ebb787524855d3a29a83389d242a36b44ab99a675

              Download Submit

            • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              10a4cd317b2b7e1f1b57ff2076bdbf60

              SHA1

              69949282ce734660e283178f14f418f5ffd8b4c7

              SHA256

              505d8226490bcdd169ec17a1c6a89e8209bea3804a8eb54332c323d1f98b0df4

              SHA512

              2f60f0ed277def78fc4dd6621ba865144a27c8e2bc4946995b00d4b8c28cb105c28b0bc39afb08b6bbf3753ebb787524855d3a29a83389d242a36b44ab99a675

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
              Filesize

              2KB

              MD5

              83426ef3b8f2fcfd216bcca8d1049db9

              SHA1

              ab955e822cc7e2a42c9556fb2c3b81a0200b77d5

              SHA256

              47a172cd8e09cc4d5ef252a8855f7ade64ea32bcf2d2107777354c4f5a2190f7

              SHA512

              540aad4c0f93195ca4e001a4f5b941890278c52a1bfe2bead0eebe800da0edf9523f5e6d4b0781685546a9bfd3b87575ffa16b97dda9214f4a22dfb00cefea81

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5BA5CDB17B58BCA6C47D7F17936ECCE3_05407F87671A7EFDA7CA76874D550ACE
              Filesize

              2KB

              MD5

              b518542e3182044ca29c98cbacd583aa

              SHA1

              adbfdfc6e3c413fc9aba14b7e99c723041ada7f0

              SHA256

              0a2f78682205e93a3a8045bcc155cd2d27b49700f4a73c15180206d892930b6c

              SHA512

              0efee861bba0d24dc6057b88bdd07af79f15c7a98329137daaef7671e74c6a40a9db69a948370ddece09728d41a7db790412c101c59275d377fa17dd4d826e78

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
              Filesize

              450B

              MD5

              240c9c75efcf9a51ea91f4a633c46894

              SHA1

              e80235999a7a40123a58694000ce929a827e142b

              SHA256

              904e39e9839224b717f0d754b26b7dbab5b3779cb6fd0fc840e9dca3b9793013

              SHA512

              cf80270a8f07f6cf0f67cc6f8714f5da96af57e82924dabf1e3f9f13fb816db744ffb21a64260ab53f719501fab88dda6f3b5522b5b40e4f602330d8e71df5cd

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5BA5CDB17B58BCA6C47D7F17936ECCE3_05407F87671A7EFDA7CA76874D550ACE
              Filesize

              458B

              MD5

              1d7f8bbe33803f608f2fcb3091b2d764

              SHA1

              17a5d84e99c96e9f3147246678efd06a6b37ce89

              SHA256

              f1c0c45fa8fe30668929b91e3cf397119941a4ea5ec54c9be8330cc6b9c4496a

              SHA512

              7e4db0fc5e4160f9ccdf2b712e5eb18be79069c1bed5610f824bc5108eff1cf5e1b755db99e8ab0e3c99fb55b25603a1ad171a93947b8fc8ea2af466d3842601

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
              Filesize

              4KB

              MD5

              da597791be3b6e732f0bc8b20e38ee62

              SHA1

              1125c45d285c360542027d7554a5c442288974de

              SHA256

              5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

              SHA512

              d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1GRKGEIB\px[1].js
              Filesize

              476B

              MD5

              d2183968f9080b37babfeba3ccf10df2

              SHA1

              24b9cf589ee6789e567fac3ae5acfc25826d00c6

              SHA256

              4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

              SHA512

              0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1GRKGEIB\px[1].js
              Filesize

              476B

              MD5

              d2183968f9080b37babfeba3ccf10df2

              SHA1

              24b9cf589ee6789e567fac3ae5acfc25826d00c6

              SHA256

              4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

              SHA512

              0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K1QHLR0H\search[1].htm
              Filesize

              12KB

              MD5

              2fb9764637b7c67ba7cab417cb794231

              SHA1

              98b816960fb2ae740fbe544388c431a6343967c3

              SHA256

              b839c7491b228166429ae2a7649f260c89022cc1c7dcf4448a5492d5ca2f3ef8

              SHA512

              3d354b9878caef9c5df3913b69c5018eee884b88c6649cf5fa76f06b455d1ef3d94d0a2c3970aadc6f57897bd41ddca1c8c09a9c49cdef8139fa288c6a9f041e

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UDS0USIU\px[1].js
              Filesize

              476B

              MD5

              d2183968f9080b37babfeba3ccf10df2

              SHA1

              24b9cf589ee6789e567fac3ae5acfc25826d00c6

              SHA256

              4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

              SHA512

              0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5A2S7N8\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\KnoFD8A.tmp
              Filesize

              88KB

              MD5

              002d5646771d31d1e7c57990cc020150

              SHA1

              a28ec731f9106c252f313cca349a68ef94ee3de9

              SHA256

              1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

              SHA512

              689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              3ae5039bf9463ef807069ec77c80b77f

              SHA1

              c1378888685adda75e22b51e6da8792f455f65a9

              SHA256

              c9db4ff29308f30ec6b0d5628fe7ed1148efafa9a5ab8e8e4445bddf9f9fadd0

              SHA512

              b52c23df205e6ed43054eb4b5dd3a00cfd2af312dd84ca8b2f5ba4e1bfebc2b41a7a5cf8f642866e34e45b19e29861602ffbe580ff7f3dbfd1de1c7edee73629

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              b9d9b2e6a927b08a129f771a5c0b6415

              SHA1

              6c5f92fc4793f5daf85b83ddc6f6daccd60b1bb5

              SHA256

              a1ae1f6da081a3ae96ae2306b70f88adf70feaa28292151445dfed9068cc24bc

              SHA512

              8fa9cd15bebb27f08c802b56b960f7fd99b0591ca1fcaaa273fd6c37d0806f7cd46c754e8a57f44a1864edf179150f37c88a95bd1cc56fa9bca53336f9f52be9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              b9d9b2e6a927b08a129f771a5c0b6415

              SHA1

              6c5f92fc4793f5daf85b83ddc6f6daccd60b1bb5

              SHA256

              a1ae1f6da081a3ae96ae2306b70f88adf70feaa28292151445dfed9068cc24bc

              SHA512

              8fa9cd15bebb27f08c802b56b960f7fd99b0591ca1fcaaa273fd6c37d0806f7cd46c754e8a57f44a1864edf179150f37c88a95bd1cc56fa9bca53336f9f52be9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\~DFD91436B03E29F74A.TMP
              Filesize

              16KB

              MD5

              021e4ed3ca44aad5a75545022669e5cc

              SHA1

              3ea08291a18aeb6b139924c1fa16c98c6283f88d

              SHA256

              f2ad891a71240e72add9b8fadb32bbb5863a0b8184403d2c30d0aae733fbd3c0

              SHA512

              470bf13ba65162eb3ae00d6de571be336ace01d7388ee0263039127347b21538536566b7f46511d57b98056fca60901bc04f70ae7b431c89fb09bdd091ccd06a

              Download Submit

            • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
              Filesize

              4.5MB

              MD5

              b9d9b2e6a927b08a129f771a5c0b6415

              SHA1

              6c5f92fc4793f5daf85b83ddc6f6daccd60b1bb5

              SHA256

              a1ae1f6da081a3ae96ae2306b70f88adf70feaa28292151445dfed9068cc24bc

              SHA512

              8fa9cd15bebb27f08c802b56b960f7fd99b0591ca1fcaaa273fd6c37d0806f7cd46c754e8a57f44a1864edf179150f37c88a95bd1cc56fa9bca53336f9f52be9

              Download Submit

            • memory/4472-0-0x0000000010000000-0x0000000010010000-memory.dmp

              Filesize

              64KB

              Download