f032591ff92ac9f36254adcab78f85d13f6c7559ecd0e7cb782d3c49db70ca1b

Analysis

max time kernel
143s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nEO iMAGING/nEOiMAGING.exe
Size

8.3MB
MD5

aa6d9207d72a0f6361c2dd00bcae85fb
SHA1

f090d97377c79c9d54e25dd74d14718e4b18dc91
SHA256

8b019b4c1dc46d082d964090e07a8ccb27df91c50846cad01daecad1b8b0c7d9
SHA512

5db85003da895a90d7890b4ed515d284ccdd0ffd3ed7be60ac4e9ae6bd98eb761bd7ce72df0f0e1f7274ed7bde9719f85f7d9ff242d53cbf93b5df4fe711d044
SSDEEP

98304:9pgrw+QA0Lx0GPG3sDz4QAq8VUFRonPJFv5CDC+JQBypcWw200/ueS2uquV/gB5R:9tFxL+3s2BhApu6cn/gB5R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	nEOiMAGING.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2732	nEOiMAGING.exe
2732	nEOiMAGING.exe
2732	nEOiMAGING.exe

C:\Users\Admin\AppData\Local\Temp\nEO iMAGING\nEOiMAGING.exe
"C:\Users\Admin\AppData\Local\Temp\nEO iMAGING\nEOiMAGING.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nEO iMAGING\nEOiMAGING.ini

Filesize
672B

MD5
1e7ad375af5d47acbe29eb63292952b3

SHA1
25b613256f096046fc15e6e6ffb960fca3d322a1

SHA256
5d2258eb1f513376605f3382d94da38a8312122ac842147e43d3525b8bca38a1

SHA512
03be2f0567e011c6eb0091079838731ac27dbc985b8f3055e396abe11a1ada5554e0dd60644850edd6e0dc229abfe801cf60928f63b59115e8b13bbc0094bf68

Download Submit
memory/2732-3-0x0000000002710000-0x000000000275B000-memory.dmp

Filesize
300KB

Download
memory/2732-2-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-0-0x0000000060000000-0x0000000060060000-memory.dmp

Filesize
384KB

Download
memory/2732-5-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-6-0x00000000074D0000-0x0000000007538000-memory.dmp

Filesize
416KB

Download
memory/2732-1-0x0000000000CA0000-0x0000000000D12000-memory.dmp

Filesize
456KB

Download
memory/2732-67-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-80-0x00000000074D0000-0x0000000007538000-memory.dmp

Filesize
416KB

Download
memory/2732-79-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-81-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-84-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download
memory/2732-87-0x00000000074D0000-0x0000000007538000-memory.dmp

Filesize
416KB

Download
memory/2732-86-0x0000000000400000-0x0000000000C99000-memory.dmp

Filesize
8.6MB

Download