6f463770dd9522527e69fda1f471c82b4b050af00691a3b1b7993879a223e04b

General

Target

NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe
Size

7.0MB
MD5

6859c1b011771a78f8c1d62c046dc9b0
SHA1

a16d5bffb430d8df9d47f0972b363781c3789ee5
SHA256

6f463770dd9522527e69fda1f471c82b4b050af00691a3b1b7993879a223e04b
SHA512

f65e362bf56c8b94e05eca5187567b233321f7afa2834651697f93632bfec8a9391865231e7d5523366bcc404553c9793c484f172403c4e3b369493c67c798fc
SSDEEP

49152:kwUJewPxCrMlyV5dIlrcqtLYh7GbxzIklR/Hymibmhc9KqtpOlHJ7SwoLbPhSzK:kw2gCLYhukR

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D3DD483E2BBF4C05E8AF10F5FA7626CFD3DC3092	NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D3DD483E2BBF4C05E8AF10F5FA7626CFD3DC3092\Blob = 0f00000001000000400000005cf58dc4429325fb69e9498383333acbf76eddfd5845bb9d29fdb935b2652c9184295565157a1d83335f9b67e3e2b67d6c01238ce81adecbf3d75e98b3e99d7953000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b0000000100000038000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410020003200000009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b804140000000100000014000000b6a1543902c3a03f8e8abcfad4f81ca6d13a0efd1d000000010000001000000004321ccbc528a397f1620cb39dfc6d35030000000100000014000000d3dd483e2bbf4c05e8af10f5fa7626cfd3dc30922000000001000000d6050000308205d2308203baa003020102021021d6d04a4f250fc93237fcaa5e128de9300d06092a864886f70d01010d0500308180310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312430220603550403131b43657274756d2054727573746564204e6574776f726b20434120323022180f32303131313030363038333935365a180f32303436313030363038333935365a308180310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312430220603550403131b43657274756d2054727573746564204e6574776f726b204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100bdf978f8e6d5800c649d861b9664673f223a1e75017deffb5c678cc9cc5c6ba991e6b942e5204b9bda9b7bb9995dd99b804bd784402b27d3e8ba30bb3e091aa74995ef2b4024c297c7a7ee9b25efa80a0097855aaa9ddc29c9e23507eb704d4ad6c1b356b8a141389bd1fb317f8fe05fe1b13f0f8e164960d7068d18f9aa2610ab2ad3d0d1678d1b46be4730d52e72d1c563dae76379447e4b632489862e343f294c528b2aa7c0e2912889b9c05bf91dd9e727adff9a0297c1c650929b022cbda9b934590abf844affdffeb39febd99ee09823eca66b77162adbccad3b1ca487dc46735e1962684557e4908242bb42d6f061e0c1a33d66a35df418ee88c98d1745299932750231ee2926c86b02e6b562457f37155a236889d43ede4e27b0f0400cbc4d17cb4da2b31ed0065addf693cf577599f5fa861a6778b3bf96fe34dcbde75256e5b3e5757bd7419105dc5d69e3950d43b9fc839639957b6c805a4f1372c6d77d297a44ba52a42ad541460920fe22a0b65b308dbc890cd5d770f88752fddaefac512e07b34efed009da70ef98fa56e66ddbb5574bdce52c2515c89e2e784ef8da9c9e862cca57f31ae5c8928b1a82967ac3bc501269d80e5a468b3aeb26fa23c9b6b081be4200a4f8d6fe302ec7d246f6e58e75fdf2ccb9d0875bcc061060bb8335b75e67de47ec9948f1a4a115fead8c628e39554f3916b9b1639dffb70203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b6a1543902c3a03f8e8abcfad4f81ca6d13a0efd300e0603551d0f0101ff040403020106300d06092a864886f70d01010d0500038202010071a50ecee4e9bf3f38d5895ac40261fb4cc514172d8b4f536b1017fc6584c7104990dedbc7269388266f70d6025e39a0f78fab96b5a5135c81146d0e8182111b8a4ec64fa5dd621e44df0959f45b770b37e98b20c6f80a4e2e581ceb33d0cf8660c9dafb802f9e4c6084783d2164d6fb411f180fe7c97571bdbd5cde34873e41b00ef6b9d63f091396142fde9a1d5ab956ce353ab05f704d5ee329f123287259b6abc28c66261c772c2676358b28a769a0f93bf523dd851074c990035691e7afba47d412971122e3a249946ce7b7944bba2da4da338b4ca644ff5a3cc61d64d8b531e4a63c7aa8570bdbed611acbf1ce737763a4876f4c5138d6e45fc79fb6812ae4854879585e3bf8db028267c139dbc3744b3d361ef9299388685ba8441921f0a7e8810d2ce89336b437b2cab01b267a9a251f9a9a809e4b2a3ffba39afe733271c29ec672e18a6827f1e40fb4c44ca56193f89710072a3025a9b9c871b8ef68cc2d7ef5e07e0f82a86fb6ba6c834377cd8a9217a19e5b78163d45e23372dde166ca99d3c9c526fd0d680446aeb6d99b8cbe19beb1c6f219e35c02ca2cd86f4a07d9c935da4075f2c4a7196f9e42109875e6958b60bcedc512d78aced5985c569603c5ee770635ffcfe4ee3f1361eedbda2d85f0cdae9db2180945c392a17217fc47b6a00b2cf1c4de4368086a5f3bf07663fbcc062ca6c6e20eb5b9be248f	NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D3DD483E2BBF4C05E8AF10F5FA7626CFD3DC3092\Blob = 19000000010000001000000015b8b4807e45c1ae49fa34daa40347e6030000000100000014000000d3dd483e2bbf4c05e8af10f5fa7626cfd3dc30921d000000010000001000000004321ccbc528a397f1620cb39dfc6d35140000000100000014000000b6a1543902c3a03f8e8abcfad4f81ca6d13a0efd620000000100000020000000b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b80409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703010b0000000100000038000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410020003200000053000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000400000005cf58dc4429325fb69e9498383333acbf76eddfd5845bb9d29fdb935b2652c9184295565157a1d83335f9b67e3e2b67d6c01238ce81adecbf3d75e98b3e99d792000000001000000d6050000308205d2308203baa003020102021021d6d04a4f250fc93237fcaa5e128de9300d06092a864886f70d01010d0500308180310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312430220603550403131b43657274756d2054727573746564204e6574776f726b20434120323022180f32303131313030363038333935365a180f32303436313030363038333935365a308180310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312430220603550403131b43657274756d2054727573746564204e6574776f726b204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100bdf978f8e6d5800c649d861b9664673f223a1e75017deffb5c678cc9cc5c6ba991e6b942e5204b9bda9b7bb9995dd99b804bd784402b27d3e8ba30bb3e091aa74995ef2b4024c297c7a7ee9b25efa80a0097855aaa9ddc29c9e23507eb704d4ad6c1b356b8a141389bd1fb317f8fe05fe1b13f0f8e164960d7068d18f9aa2610ab2ad3d0d1678d1b46be4730d52e72d1c563dae76379447e4b632489862e343f294c528b2aa7c0e2912889b9c05bf91dd9e727adff9a0297c1c650929b022cbda9b934590abf844affdffeb39febd99ee09823eca66b77162adbccad3b1ca487dc46735e1962684557e4908242bb42d6f061e0c1a33d66a35df418ee88c98d1745299932750231ee2926c86b02e6b562457f37155a236889d43ede4e27b0f0400cbc4d17cb4da2b31ed0065addf693cf577599f5fa861a6778b3bf96fe34dcbde75256e5b3e5757bd7419105dc5d69e3950d43b9fc839639957b6c805a4f1372c6d77d297a44ba52a42ad541460920fe22a0b65b308dbc890cd5d770f88752fddaefac512e07b34efed009da70ef98fa56e66ddbb5574bdce52c2515c89e2e784ef8da9c9e862cca57f31ae5c8928b1a82967ac3bc501269d80e5a468b3aeb26fa23c9b6b081be4200a4f8d6fe302ec7d246f6e58e75fdf2ccb9d0875bcc061060bb8335b75e67de47ec9948f1a4a115fead8c628e39554f3916b9b1639dffb70203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b6a1543902c3a03f8e8abcfad4f81ca6d13a0efd300e0603551d0f0101ff040403020106300d06092a864886f70d01010d0500038202010071a50ecee4e9bf3f38d5895ac40261fb4cc514172d8b4f536b1017fc6584c7104990dedbc7269388266f70d6025e39a0f78fab96b5a5135c81146d0e8182111b8a4ec64fa5dd621e44df0959f45b770b37e98b20c6f80a4e2e581ceb33d0cf8660c9dafb802f9e4c6084783d2164d6fb411f180fe7c97571bdbd5cde34873e41b00ef6b9d63f091396142fde9a1d5ab956ce353ab05f704d5ee329f123287259b6abc28c66261c772c2676358b28a769a0f93bf523dd851074c990035691e7afba47d412971122e3a249946ce7b7944bba2da4da338b4ca644ff5a3cc61d64d8b531e4a63c7aa8570bdbed611acbf1ce737763a4876f4c5138d6e45fc79fb6812ae4854879585e3bf8db028267c139dbc3744b3d361ef9299388685ba8441921f0a7e8810d2ce89336b437b2cab01b267a9a251f9a9a809e4b2a3ffba39afe733271c29ec672e18a6827f1e40fb4c44ca56193f89710072a3025a9b9c871b8ef68cc2d7ef5e07e0f82a86fb6ba6c834377cd8a9217a19e5b78163d45e23372dde166ca99d3c9c526fd0d680446aeb6d99b8cbe19beb1c6f219e35c02ca2cd86f4a07d9c935da4075f2c4a7196f9e42109875e6958b60bcedc512d78aced5985c569603c5ee770635ffcfe4ee3f1361eedbda2d85f0cdae9db2180945c392a17217fc47b6a00b2cf1c4de4368086a5f3bf07663fbcc062ca6c6e20eb5b9be248f	NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6859c1b011771a78f8c1d62c046dc9b0.exe"
1⤵
- Modifies system certificate store
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x0000000000EA0000-0x00000000015CB000-memory.dmp

Filesize
7.2MB

Download
memory/2648-1-0x00000257F80B0000-0x00000257F80B1000-memory.dmp

Filesize
4KB

Download
memory/2648-14-0x0000000000EA0000-0x00000000015CB000-memory.dmp

Filesize
7.2MB

Download

Analysis

Sharing