fb357257ce1fdb6df2bb2ba88229cd515827c8d121870054baa19bc48401ab97

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39da1f3d32e1c35f864df6831f214a40_NEAS.exe
Size

629KB
MD5

39da1f3d32e1c35f864df6831f214a40
SHA1

4e1a7879b32641fb4a5dea5cd4b147d043f85c10
SHA256

fb357257ce1fdb6df2bb2ba88229cd515827c8d121870054baa19bc48401ab97
SHA512

e080c9a24c5dd901318eabebf62ada0f0baa95d6c397c454dd77a5b1a8713cb6e62d686d34f15f337072eafc2ae64eb89c0ccb58580e6c3c556f57ff265fc608
SSDEEP

12288:QYW3jRKDVF5jz7yAhwDYtmaF0TjklTP7C3fZM4LrCoUdvifnfD:Q1jRy+AhwDYtma4gTP7C3fZM4vClwfnr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	39da1f3d32e1c35f864df6831f214a40_NEAS.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	39da1f3d32e1c35f864df6831f214a40_NEAS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	39da1f3d32e1c35f864df6831f214a40_NEAS.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2360	39da1f3d32e1c35f864df6831f214a40_NEAS.exe
2360	39da1f3d32e1c35f864df6831f214a40_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\39da1f3d32e1c35f864df6831f214a40_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\39da1f3d32e1c35f864df6831f214a40_NEAS.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XyYjuLBsYa.tmp\js\control.js

Filesize
1KB

MD5
7a1aa3d3071bf2df5f4c4b67b48305c7

SHA1
80ba577cf895e73af1fd3c1daf40a1dcc40b5e1c

SHA256
5e4fc8ef788d82cb8a6de7cc4df451f0129528e2bb76b09c4f86f43ce85d9508

SHA512
e4f45c37e770719b4fca3238b326779948ec2f807a262d8e1bdaa776ef48acccd7befc0604cfea89fb41266ab2fc28909ebdeaa2f7259f639e10665af7acae0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\XyYjuLBsYa.tmp\js\jquery.min.js

Filesize
92KB

MD5
b8d64d0bc142b3f670cc0611b0aebcae

SHA1
abcd2ba13348f178b17141b445bc99f1917d47af

SHA256
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

SHA512
a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\XyYjuLBsYa.tmp\js\jquery.tinyscrollbar.min.js

Filesize
2KB

MD5
1cffa7bc4e5a9b981301514ec7226331

SHA1
f52021d8c2762b1ad88173124f54b2e62a4009f9

SHA256
e4363db5d48bbc5c7aca4877483bc903279b227d7a03493033b3fa7fd8d13269

SHA512
8161f88bf69883576cb20c8db03dd7a7fac4eb62b4dfd90d34a5b2028f6df124549f62b6878179956c40cdbfc2bef024c3379e70afb0aa660e513e567b219ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\XyYjuLBsYa.tmp\startpage.html

Filesize
1KB

MD5
83c69c5ded8a958b48052e38a8034bb3

SHA1
aa547fbd05ed38ea4b9465ddc42af4a3c6ac633b

SHA256
a5c73407d1d95a202d56df19023a59bf1290bfbbd76555b697beff9645f684b0

SHA512
34812f673b1d0eb8386e6a7fe9455daea5cda3fc39ea5d67ae7a52678fe13c8322d80c73b7064490bd7c4befeff574b5e3e50bdbbb7e0e19241781d1e7e745af

Download Submit