7f42ad2f396f19121cd7ea5545caf8a2189b0650822e90485ec43ad5164f4d79

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.18c67168c3e6a43dec438261b56b44a0.exe
Size

965KB
MD5

18c67168c3e6a43dec438261b56b44a0
SHA1

a1684cbab47743b494c477dcd362416a54dd8415
SHA256

7f42ad2f396f19121cd7ea5545caf8a2189b0650822e90485ec43ad5164f4d79
SHA512

7e8e62892a8fb6c4c194d9748a6a1be1483fd8ac3224cffe9c9e22b8261febe058bf778f6bd07f6fd0dccac8a7ea782d687005de2005d2d135d868d234088964
SSDEEP

12288:i2ToLD2QfWUEknSsmjj/UVF4TGSdvGvTjMVJK1P5aEL3lUbyhxoeVsc:ikuPfWsnnw/UV+GSdvG3MVcRaGM2v1

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSNCore = "C:\\Users\\Admin\\AppData\\Local\\upNext.exe --i"	NEAS.18c67168c3e6a43dec438261b56b44a0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1716	NEAS.18c67168c3e6a43dec438261b56b44a0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe

Filesize
965KB

MD5
987cf5a491b11a5eac525882d58289e2

SHA1
1445dccad01f9a59d79d18e4bf3109eebc4c941b

SHA256
7226a0df7e2e2c98d36e798a61b90539c4e55428089358d32a320379e86547b3

SHA512
77bc1e67b766c5eadc7e98bc8ab38cdcb28dc6e5515bcff96bcb5b4c4206188df6a9279f7da69a8b22733910de97bdd599f3dc6c8a8f304bf34a12ac088ee33c

Download Submit
memory/1716-13-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-12-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-3-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-9-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-14-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-11-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-4-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-2-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1716-10-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1716-15-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-16-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-17-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-18-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-19-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-20-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/1716-21-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads