71ee779225616c6d8f2cf92ba9c749377fab11858050b5225828afe5a23a7bf9

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0a18b07ec2073080565315f2dbf37130.exe
Size

460KB
MD5

0a18b07ec2073080565315f2dbf37130
SHA1

fe414b4858cc98a483107a4492b70329552f84a1
SHA256

71ee779225616c6d8f2cf92ba9c749377fab11858050b5225828afe5a23a7bf9
SHA512

627ef56b56d4ec9a13d8641c7c39aef3da21f9cf5bc613382dc51e3bbf2b25a77ed146129486521bac6313dd9801d95a149e50e10034b6ce05808a269c6f0a21
SSDEEP

6144:BNN2KZ9UZBD1eDaILs8aIjH27wteXWwq5mT7:BNN22i18/aILVteXWxg

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22C67FE0-6F36-42A8-93CE-2C1AF16D6EBF}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B70542FF-D3E8-4584-91A7-B78C665BA74B}\TypeLib\Version = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86D17F98-0EA8-4939-888C-6897AEFCD3D7}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6FC10999-E594-4532-BA0E-F1AFCBBAA698}\ProgID\ = "GSCServer.AnswerSites"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D9AC5C4-1AAD-46E2-B9ED-3DDA33F57D11}\TypeLib	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4B63EDC9-F81F-47AE-ADC7-0BC2800BF68A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GSCServer.DirListCol\ = "GSCServer.DirListCol"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E49B729-519C-4898-BA01-F42EC3D4C556}\ = "_DirListCol"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C5CC8494-7D75-44E0-9BC0-17D7AC006BF8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEFEA7D2-D0C5-4B8C-8C54-AC12E084379B}\ProxyStubClsid	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEFEA7D2-D0C5-4B8C-8C54-AC12E084379B}\TypeLib	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1A5E92B-4873-4151-B721-AD7F220AA8F2}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9FF614BF-A050-4B89-8D83-57CC86EA00D2}\ = "_AnswerSites"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83BBCFBA-47A0-490B-BBD5-A02E128738A5}\Programmable	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0241CE44-C0BB-4DC2-9EAD-FABC3DCD0921}\ = "GSCServer.GSCChans"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD61203B-F654-4DA2-BEC2-F3F985BCE506}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD61203B-F654-4DA2-BEC2-F3F985BCE506}\Forward	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38F569D7-306F-4D11-9D43-4AD518C9D72C}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{30883F1B-F481-4F78-BF1F-23FB9A5313C9}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEFEA7D2-D0C5-4B8C-8C54-AC12E084379B}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83BBCFBA-47A0-490B-BBD5-A02E128738A5}\VERSION\ = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9353FD3A-618C-4623-B07F-13BC8929A136}\TypeLib\Version = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{46A3EFB0-C3DB-4BB3-809D-561D3D356677}\Implemented Categories	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AD65E3D0-B5C0-44F0-B197-F72B31B35542}\ = "GSCServer.GSCChan"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GSCServer.GSCUnit\ = "GSCServer.GSCUnit"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7572C022-3BB3-4929-B5B8-F0C2CAB967AB}\VERSION	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6DF3599-2B21-491A-9701-E1D9EE47A4E3}\ = "GSCServer.GSCSrvApp"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38D8BE4D-CCC2-41A2-9AF6-C67ED596E0FB}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D977A1DB-EE11-4F35-8054-3C2701B29E92}\TypeLib\Version = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38681031-C8D7-433C-8FF5-3DF13213C4B8}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEFEA7D2-D0C5-4B8C-8C54-AC12E084379B}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E49B729-519C-4898-BA01-F42EC3D4C556}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C15789E7-823F-4C08-A845-5C3A887FFCCE}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3949D970-BB53-4E0A-A049-0434F67F6575}\TypeLib\ = "{E7743EF0-019B-4623-844A-30EC1B6D56B3}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0943B8F8-41B5-4B78-B53B-E29C8F1CCDFD}\ProxyStubClsid	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5ECB7325-3A8C-490E-842A-CFE274FE14E7}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{46A3EFB0-C3DB-4BB3-809D-561D3D356677}\ = "GSCServer.DirListCol"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GSCServer.DirListCol	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D9AC5C4-1AAD-46E2-B9ED-3DDA33F57D11}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B5F21D3-7DB8-4128-816C-E40ACF885C2B}\Implemented Categories	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22C67FE0-6F36-42A8-93CE-2C1AF16D6EBF}\ProxyStubClsid	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1F41A826-9A76-4247-9C86-C4A4C4D8B057}\VERSION	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GSCServer.GSCNets\ = "GSCServer.GSCNets"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9BD7817-2346-4C22-A981-961FD1D7ED36}\Forward\ = "{D50DC6FA-FAAF-4A7B-BB4D-7C7BC5A6750D}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9353FD3A-618C-4623-B07F-13BC8929A136}\TypeLib	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9353FD3A-618C-4623-B07F-13BC8929A136}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B4D9867-8EE6-4AC8-A633-A6CB70ACCD69}\ = "GSCServer.DirListItem"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38681031-C8D7-433C-8FF5-3DF13213C4B8}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9353FD3A-618C-4623-B07F-13BC8929A136}\TypeLib	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B5F21D3-7DB8-4128-816C-E40ACF885C2B}\VERSION\ = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D9AC5C4-1AAD-46E2-B9ED-3DDA33F57D11}\Programmable	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C15789E7-823F-4C08-A845-5C3A887FFCCE}\TypeLib\ = "{E7743EF0-019B-4623-844A-30EC1B6D56B3}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1F41A826-9A76-4247-9C86-C4A4C4D8B057}\ProgID	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4B63EDC9-F81F-47AE-ADC7-0BC2800BF68A}\TypeLib\Version = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38681031-C8D7-433C-8FF5-3DF13213C4B8}\ProxyStubClsid32	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B70542FF-D3E8-4584-91A7-B78C665BA74B}\TypeLib\Version = "1.5"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9FF614BF-A050-4B89-8D83-57CC86EA00D2}\TypeLib\ = "{E7743EF0-019B-4623-844A-30EC1B6D56B3}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D50DC6FA-FAAF-4A7B-BB4D-7C7BC5A6750D}\ = "__GSCSrvApp"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GSCServer.DirListItem\Clsid\ = "{6B4D9867-8EE6-4AC8-A633-A6CB70ACCD69}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6FC10999-E594-4532-BA0E-F1AFCBBAA698}\ = "GSCServer.AnswerSites"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEFEA7D2-D0C5-4B8C-8C54-AC12E084379B}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3949D970-BB53-4E0A-A049-0434F67F6575}\ = "GSCServer.GSCNet"	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1F41A826-9A76-4247-9C86-C4A4C4D8B057}\TypeLib	NEAS.0a18b07ec2073080565315f2dbf37130.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9BD7817-2346-4C22-A981-961FD1D7ED36}\Forward	NEAS.0a18b07ec2073080565315f2dbf37130.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1468	NEAS.0a18b07ec2073080565315f2dbf37130.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.0a18b07ec2073080565315f2dbf37130.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0a18b07ec2073080565315f2dbf37130.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1468

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads