589acd0194111ba228f896c32a71bc137e12b3dd8e08ef4eb4bd423549909162

Analysis

max time kernel
115s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6ae49e61d949f0b833ef3d78f8c22c20.exe
Size

236KB
MD5

6ae49e61d949f0b833ef3d78f8c22c20
SHA1

17b459ebd01f852fc50f6bd352a46de7ad17ffa1
SHA256

589acd0194111ba228f896c32a71bc137e12b3dd8e08ef4eb4bd423549909162
SHA512

b54f837fd34629cd1366346e1d55d9bf5bb826d2917530d4f855c181189e33edee99803b0557a673bef58b55ec4297d7bd41c3cf0f27cc75f7a0628f977b8654
SSDEEP

3072:1/eOrj+K1j+stAo7jpD73KvTYEIQkeJ3rH1eEcIGLr+d3imFc1o/VFOuD4nYcR8v:tBlAQd3eCQTJbH1eEcIGLrOTFtFOh/i

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1624	giuchbl.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\giuchbl.exe	NEAS.6ae49e61d949f0b833ef3d78f8c22c20.exe
File created	C:\PROGRA~3\Mozilla\nxsukhg.dll	giuchbl.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6ae49e61d949f0b833ef3d78f8c22c20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6ae49e61d949f0b833ef3d78f8c22c20.exe"
1⤵
- Drops file in Program Files directory
PID:5024

C:\PROGRA~3\Mozilla\giuchbl.exe
C:\PROGRA~3\Mozilla\giuchbl.exe -tvuydyl
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\giuchbl.exe

Filesize
236KB

MD5
f0bb47125e0ab727d9b3134ad091f47a

SHA1
6cdf0ed2710c21143b0899b28cfe0f36c3e20ff2

SHA256
d8f24c882ef748e1e3fa0b516b8a1ba8733b3d4a4488ea9d5513555a5d0b69b6

SHA512
953106a78d16a6cd861217c51255ba073e6cd8d37f9cc05729f61b55f8bec223415a7c88b572785fc9e4a6242814d5f95356a8c1f208f4a8156b0bd8705c0e7d

Download Submit
C:\ProgramData\Mozilla\giuchbl.exe

Filesize
236KB

MD5
f0bb47125e0ab727d9b3134ad091f47a

SHA1
6cdf0ed2710c21143b0899b28cfe0f36c3e20ff2

SHA256
d8f24c882ef748e1e3fa0b516b8a1ba8733b3d4a4488ea9d5513555a5d0b69b6

SHA512
953106a78d16a6cd861217c51255ba073e6cd8d37f9cc05729f61b55f8bec223415a7c88b572785fc9e4a6242814d5f95356a8c1f208f4a8156b0bd8705c0e7d

Download Submit
memory/1624-10-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1624-11-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1624-12-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1624-16-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/5024-0-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/5024-1-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/5024-2-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/5024-3-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/5024-9-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download