fc7762e523639eb51d8f9aa092a3dadaae562a946dc838ce4cdb6676ab39672c

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b5e928b208f4e2c0a47405638121c110.exe
Size

1.3MB
MD5

b5e928b208f4e2c0a47405638121c110
SHA1

463b988471807ce2194aafcfc31988883ab2f0c5
SHA256

fc7762e523639eb51d8f9aa092a3dadaae562a946dc838ce4cdb6676ab39672c
SHA512

0c5e4a7e0f8bcc12be21c34796a06e47a1be2a86c54328b463581e13add97d0afb420a678463d7212ac5a989beb3b321d4e17f826dda9c68699fd0441913d7df
SSDEEP

24576:zbTPVuYTqMi8CtBd2QHCHmTBW5K+JIU3O:vT/qJtb2IOJIU+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2796-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x00070000000120e5-6.dat	upx
behavioral1/memory/2796-779-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2796-3661-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winver.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\gpresult.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\setupugc.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\vssadmin.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\relog.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\sc.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\taskmgr.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\autofmt.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\cmd.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\ipconfig.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\reg.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\upnpcont.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\whoami.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\IME\IMESC5\IMSCPROP.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\fc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\fixmapi.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\gpresult.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\wlanext.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\MuiUnattend.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\regini.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\expand.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\grpconv.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\hh.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\instnm.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\iscsicli.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\rasphone.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\where.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\eventcreate.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\prevhost.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\com\comrepl.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\ktmutil.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\logagent.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\msinfo32.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\netbtugc.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\format.com	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\NAPSTAT.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\rasautou.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\regedit.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\migwiz\mighost.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\mmc.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\net.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\Magnify.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\psr.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Windows Mail\wab.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Windows Media Player\wmplayer.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jre7\bin\java.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-label_31bf3856ad364e35_6.1.7600.16385_none_b323fd6ee3f98653\label.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_cc12387f7062eb3b\cliconfg.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_6.1.7601.17514_none_4afdc98b09e3cfe8\PkgMgr.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_6.1.7601.17514_none_e2a1ffe0ca40cff2\recdisc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_34ce5d95ad203bbe\NETSTAT.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_5208a7a3d3caa54c\net.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_9d700972113e2691\wowreg32.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_11.2.9600.16428_none_441eccc2f13eab51\iecleanup.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8\ngen.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\msil_edmgen_b77a5c561934e089_6.1.7601.17514_none_cddf79f7120d371d\EdmGen.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_6.1.7600.16385_none_e4f094112e8f905d\wimserv.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7600.16385_none_d96243212694b69e\esentutl.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.1.7601.17514_none_be8bab32249b2a4e\RegSvcs.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\ehome\Mcx2Prov.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setx_31bf3856ad364e35_6.1.7600.16385_none_086bc77632c16995\setx.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_dd3a06567424a01b\WsatConfig.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_6.1.7601.17514_none_7920b60d569a4a1e\wmlaunch.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_6.1.7600.16385_none_1ddb4b87a6618437\chkdsk.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmUi.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16385_none_9e59e11166b683d3\PDIALOG.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574\msinfo32.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17932_none_d088def7226177d5\setup16.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_netfx-clrgc_b03f5f7f11d50a3a_6.1.7601.17514_none_ad7a390fa131c970\clrgc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.1.7601.17514_none_5e47617f33c574ac\SMConfigInstaller.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\IMCCPHR.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_6.1.7600.16385_none_c09aa5b3bec88beb\BdeUISrv.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.1.7601.17514_none_d71fb1d63f05ef22\WFS.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4\MRINFO.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_netfx-ieexec_b03f5f7f11d50a3a_6.1.7600.16385_none_7dfc94f7357c56d2\IEExec.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_6.1.7600.16385_none_bbbd275974c7e191\verclsid.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\IMEPADSV.EXE-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7600.16385_none_b6bc1aae9d0693c5\McxTask.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.2.9600.16428_none_46d2efef53c02386\wextract.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_6.1.7600.16385_none_dc2a59723dcfa2c7\RmClient.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_df7c5af777ec4541\drvinst.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b\ddodiag.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_663d506d4f028574\OptionalFeatures.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_494ba66d2a12efc3\Netplwiz.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\ehome\ehprivjob.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\print.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_6.1.7600.16385_none_7861b83567d966e6\ksetup.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.1.7600.16385_none_a6c7190f7292676c\scrcons.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_51bcbc61a5466a58\CertEnrollCtrl.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_6.1.7600.16385_none_61573ee0c2c4be2b\wecutil.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_5f774c61592c67c3\netsh.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7601.17514_none_8b399e33ba72bed9\twunk_32.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Boot\DVD\PCAT\etfsboot.com-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\ehome\ehprivjob.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\imjpuexc.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_a7b238407d550501\clip.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe-	NEAS.b5e928b208f4e2c0a47405638121c110.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe	NEAS.b5e928b208f4e2c0a47405638121c110.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.b5e928b208f4e2c0a47405638121c110.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b5e928b208f4e2c0a47405638121c110.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
2.1MB

MD5
7aa495392d17cfa3ff7ede52671eccab

SHA1
e644fd612d3a40b4bdd1e68460eaab63ee95474b

SHA256
175573111262d0582f6a8788186a812a201dfd1f000478c75e1b066192903a08

SHA512
ce070cc3e8d06a72ce1c92d24a5891d6ec5179ef7b45e51770bac84835f8d887159582744fe49d4b32e07cdfc4249a245fe04f34a522f7863e824774591a8a80

Download Submit
memory/2796-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2796-779-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2796-3661-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download