cdfbc8e01f2fc965152db8702ff4f5e6f14b92398941aabe492839125507cb72

Analysis

max time kernel
113s
max time network
28s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.849dd87d43e29ad61e06633f6fa67690.exe
Size

760KB
MD5

849dd87d43e29ad61e06633f6fa67690
SHA1

0dca4f60006ee83671f7461b4b3665adbf63286b
SHA256

cdfbc8e01f2fc965152db8702ff4f5e6f14b92398941aabe492839125507cb72
SHA512

d0c30dfcba04262719759835f3b5358248e642606795b4e5d3ba95e06531fb7e53f51d193cc34031ba0c12d0fee086735b0ced59fc5b723aa0aa95927cf97321
SSDEEP

12288:GCHqSpDS5cTfsrtPdOy4nVY5/pBdNQxIs+iVhwFAYMWCH:bqSY5cHY5Po4iVmF0L

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1200	u.dll
2628	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2232	cmd.exe
2232	cmd.exe
2232	cmd.exe
2232	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2232	2904	NEAS.849dd87d43e29ad61e06633f6fa67690.exe	28
PID 2904 wrote to memory of 2232	2904	NEAS.849dd87d43e29ad61e06633f6fa67690.exe	28
PID 2904 wrote to memory of 2232	2904	NEAS.849dd87d43e29ad61e06633f6fa67690.exe	28
PID 2904 wrote to memory of 2232	2904	NEAS.849dd87d43e29ad61e06633f6fa67690.exe	28
PID 2232 wrote to memory of 1200	2232	cmd.exe	29
PID 2232 wrote to memory of 1200	2232	cmd.exe	29
PID 2232 wrote to memory of 1200	2232	cmd.exe	29
PID 2232 wrote to memory of 1200	2232	cmd.exe	29
PID 2232 wrote to memory of 2628	2232	cmd.exe	30
PID 2232 wrote to memory of 2628	2232	cmd.exe	30
PID 2232 wrote to memory of 2628	2232	cmd.exe	30
PID 2232 wrote to memory of 2628	2232	cmd.exe	30
PID 2232 wrote to memory of 524	2232	cmd.exe	31
PID 2232 wrote to memory of 524	2232	cmd.exe	31
PID 2232 wrote to memory of 524	2232	cmd.exe	31
PID 2232 wrote to memory of 524	2232	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.849dd87d43e29ad61e06633f6fa67690.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.849dd87d43e29ad61e06633f6fa67690.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\F518.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.849dd87d43e29ad61e06633f6fa67690.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1200
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2628
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\F518.tmp\vir.bat

Filesize
2KB

MD5
4e87fca4f8bcff4de1c0e6100d54d9eb

SHA1
27f68333084458df83b0fe99fdd54e381a06e694

SHA256
3439e0469df6d2f338bea1b00bbfc2cce84181cbf0cf68863062a51c662af52b

SHA512
f54bd9f266467ae9e36cee8ace87d9a051a7bab1400a5df5b108d76bdc63cae44c6f078a9c36c224b9ba95ba21ae1e02cd34d6219995490aa75b35b0f93cef96

Download Submit
C:\Users\Admin\AppData\Local\Temp\F518.tmp\vir.bat

Filesize
2KB

MD5
4e87fca4f8bcff4de1c0e6100d54d9eb

SHA1
27f68333084458df83b0fe99fdd54e381a06e694

SHA256
3439e0469df6d2f338bea1b00bbfc2cce84181cbf0cf68863062a51c662af52b

SHA512
f54bd9f266467ae9e36cee8ace87d9a051a7bab1400a5df5b108d76bdc63cae44c6f078a9c36c224b9ba95ba21ae1e02cd34d6219995490aa75b35b0f93cef96

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
ae8df6df14b3b5476dadd9d65b7110ec

SHA1
bad4100ffd4edd5c7f8f151d44a4e81d87b02a26

SHA256
e22f422079542af79c03620bd074fc9d84cfb71e996a58f8f13041fe81a61cf4

SHA512
fd43434bf59cfdbc8446afdbc2a4a6321fa3437418b382f58eb921ae4916d03bd223aaba60497967b5c0a452b43c4901da7cfa88295ad9e661bf504dc8bcecfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
e265bb83c080b46dbcbb02c900f11ec3

SHA1
46955051b2d811d07282b51aba32e1a971b2f7f3

SHA256
4e01f048d018229189db8fb81f42a209e14dd77f52cca7f69e85cbf6ad245188

SHA512
b2daf56751dc6d680d9948fe103a6d21b0ea8c377cfd36d269866cc223b1674ec2aef23dff18dd493678ecc0192b480e1bd9af7c61691b2453206d813ba3f016

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
memory/2904-0-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/2904-10-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads