5107d5b9da6e5e27baec355c7057bd8e8e75203d65cab78e0912ae123d3ece62

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17-11-2023 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6a74768de5035c243e3ddb22769eb410.exe
Size

1.1MB
MD5

6a74768de5035c243e3ddb22769eb410
SHA1

a5bbda1281b578821266be63cc75cc6d410443fd
SHA256

5107d5b9da6e5e27baec355c7057bd8e8e75203d65cab78e0912ae123d3ece62
SHA512

b3246ac93819c36e82f35449d4d75a967c22806423e9d9ba1248da80bb64de8295f5aa803b1d025a9c9d7d6c45b5af33c466ca9a5876b98672b5724b8d3e5bf8
SSDEEP

24576:65jcAkSYqyEZYTqMi8CtBd2QHCHmTBW5mT3:gpYqQqJtb2Iz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1276-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x000f00000001201d-6.dat	upx
behavioral1/memory/1276-859-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-1130-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-1315-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-1676-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-2454-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-3670-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-3671-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-3672-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-3673-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1276-3677-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fc.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\proquota.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\reg.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\relog.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\shutdown.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\srdelayed.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\user.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\regedit.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\DeviceProperties.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\doskey.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\Ribbons.scr-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\compact.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\msra.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\ctfmon.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\esentutl.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\secinit.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\subst.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\format.com-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\fc.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\forfiles.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\setx.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\gpscript.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\makecab.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\netbtugc.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\sc.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\setupSNK.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\raserver.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\tracerpt.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\certreq.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\cmstp.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\diskraid.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\driverquery.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\logagent.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\net.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\cipher.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\clip.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\explorer.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\migwiz\MigSetup.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\cscript.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\ktmutil.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\print.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\whoami.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\fltMC.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\netsh.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\osk.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\regedt32.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\SysWOW64\tzutil.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Internet Explorer\ielowutil.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpshare.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\SetPing.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\msdt.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.1.7600.16385_none_800bbdee85723191\RmClient.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_244e76d61e1989e5\SndVol.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683\msfeedssync.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_e501f8e06b32b48f\net1.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_092d6b9141f16aca\WinMgmt.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-charmap_31bf3856ad364e35_6.1.7600.16385_none_f230138205aebc59\charmap.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_e6fcbd244bb7bf74\openfiles.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\qappsrv.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\msil_loadmxf_31bf3856ad364e35_6.1.7600.16385_none_388de5065074b62c\loadmxf.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_720e868d9b0b6a44\WerFaultSecure.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_c82fdb5265bc18af\SndVol.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.1.7601.17514_none_c9f484476f1589ca\PhotoScreensaver.scr-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\TabTip.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6\WPDShextAutoplay.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_narrator-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_8b63c5e0db87fde8\Narrator.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628\gpupdate.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..integration-support_31bf3856ad364e35_6.1.7600.16385_none_8429bbdebd38db4a\isintsup.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_6.1.7601.17514_none_cb4d60191a09a7b0\PresentationSettings.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmplayer.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379\msinfo32.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_2b2984d40648fbe7\Locator.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4\TCPSVCS.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_160ccc8a92fae520\winrs.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\mount.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_6.1.7600.16385_none_61573ee0c2c4be2b\wecutil.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_fb26c75d92790b8f\setupSNK.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16385_none_ce6f64032560fa6b\instnm.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_infocard_b77a5c561934e089_6.1.7601.17514_none_9fe7c337d52f2ea7\infocard.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_5208a7a3d3caa54c\net.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22\diskcopy.com-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\relog.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_ef38a8d0d05cc2c7\IMJPDADM.EXE-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\doskey.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.17514_none_ad54ab3a7801c830\fixmapi.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_533d797efdf7728b\SystemPropertiesAdvanced.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.1.7600.16385_none_8c3ac2e4279846be\timeout.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2\DeviceDisplayObjectProvider.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff\wmpenc.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_b9c82ac6f7db99ae\where.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1\verifier.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setupcl_31bf3856ad364e35_6.1.7601.17514_none_b6d50b4301e77815\setupcl.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\qprocess.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-xcopy_31bf3856ad364e35_6.1.7600.16385_none_beea9c500dfd4622\xcopy.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\posix.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sbunattend.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_5b9fee911dc04044\eudcedit.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deployment_31bf3856ad364e35_6.1.7600.16385_none_57e3e87206ff08ca\setupugc.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_cb9353551bbd8ed8\DevicePairingWizard.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.5.7601.17514_none_af500e3c7fc49bc4\wuapp.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7601.17514_none_da00ad1949e715ad\unlodctr.exe-	NEAS.6a74768de5035c243e3ddb22769eb410.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6a74768de5035c243e3ddb22769eb410.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6a74768de5035c243e3ddb22769eb410.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
2.0MB

MD5
a87363906112983d4a94e6cecf823896

SHA1
709d6ff9e59b80d885b40fadaf77a400e13e14f3

SHA256
21bb40fd89e9e6d11ae74739c8367ba60e54db4ba91305dd6b80818239a15d1c

SHA512
d29581ab6f9697e3c168a17c3cbef0a1bad9cbc7b1e277d38c997ccd065ea468cf2b6c72ba93eef13b43278849ae7075f1167ad05e46fbb2eaa9d04049baa7b7

Download Submit
memory/1276-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-859-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-1130-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-1315-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-1676-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-2454-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-3670-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-3671-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-3672-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-3673-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1276-3677-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download