715abd5a6ecd3e0e9a5af51d528354c3933d973afd9f0c10d9ebaa3e36968cd4

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0277ee9104b130b0cf9a89ad73199e90.exe
Size

166KB
MD5

0277ee9104b130b0cf9a89ad73199e90
SHA1

1d4a1475eba36b6ba369b6358bdf64b7cd3e9011
SHA256

715abd5a6ecd3e0e9a5af51d528354c3933d973afd9f0c10d9ebaa3e36968cd4
SHA512

81eda84dcfbf43d9a56ee0838536ee4e008f13b79a41b794d30e7f7d07d6abc5418293ada12052b117488a009c41097f4c9b8e0f71267f2f57aa9b592a3dfa26
SSDEEP

3072:hkRnaAw3U5uHZG2izxb6pXeJ7PQnxLbmHKKZzkvlNomKnYYssmehG9Neuo:CtaE5uHZG2izspLxLbWsKYz99g9

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1444	ecxnjia.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ecxnjia.exe	NEAS.0277ee9104b130b0cf9a89ad73199e90.exe
File created	C:\PROGRA~3\Mozilla\qxogatk.dll	ecxnjia.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.0277ee9104b130b0cf9a89ad73199e90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0277ee9104b130b0cf9a89ad73199e90.exe"
1⤵
- Drops file in Program Files directory
PID:1128

C:\PROGRA~3\Mozilla\ecxnjia.exe
C:\PROGRA~3\Mozilla\ecxnjia.exe -goglxbn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\ecxnjia.exe

Filesize
166KB

MD5
c68a60ad553604d84617dbd37ebbecf6

SHA1
f25a476c83d49a782f8e06ad98140963059c67cd

SHA256
c32ca261e73e63e53f0cb841ab91252ca4b95a2d7526eeda4e6da32f42df0d2e

SHA512
e2cb343196de5a1dccbee65fa76f659a5ad94394f9b49fe4f284e03517c3247b58ecd51b166c3b69a2b17ff44c3d87ea8ca5f802b645573171ef70bb480e6433

Download Submit
C:\ProgramData\Mozilla\ecxnjia.exe

Filesize
166KB

MD5
c68a60ad553604d84617dbd37ebbecf6

SHA1
f25a476c83d49a782f8e06ad98140963059c67cd

SHA256
c32ca261e73e63e53f0cb841ab91252ca4b95a2d7526eeda4e6da32f42df0d2e

SHA512
e2cb343196de5a1dccbee65fa76f659a5ad94394f9b49fe4f284e03517c3247b58ecd51b166c3b69a2b17ff44c3d87ea8ca5f802b645573171ef70bb480e6433

Download Submit
memory/1128-0-0x00000000022F0000-0x000000000234B000-memory.dmp

Filesize
364KB

Download
memory/1128-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1128-6-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1444-8-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1444-7-0x0000000000E40000-0x0000000000E9B000-memory.dmp

Filesize
364KB

Download
memory/1444-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download