bd33062b4fd4f83a84ca61fb3386643b0162f1cf9fbe3732ccd44a4ec9c48391

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe
Size

216KB
MD5

562594d5c4f0a7fe5bd48cdbad585050
SHA1

88554faa3e3314e21a6396b8fa012aadc7f14add
SHA256

bd33062b4fd4f83a84ca61fb3386643b0162f1cf9fbe3732ccd44a4ec9c48391
SHA512

befc9cc877d07e2032441719b4c5c2cac210cdf6d09c322813316e31f4bbd55183fee8569cd3147dfb4093db8de6a9a8a8f767c228195af8acd4e4c269b12cba
SSDEEP

6144:vlH4Ghfbq2BeK9mequ924H2xvZDD+UZ9fJoSfsdRgVhzFNHSi2:tffbJM2lqu9zH2TbJHHDHd2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2116	u.dll
2964	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2552	cmd.exe
2552	cmd.exe
2552	cmd.exe
2552	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2552	2292	NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe	29
PID 2292 wrote to memory of 2552	2292	NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe	29
PID 2292 wrote to memory of 2552	2292	NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe	29
PID 2292 wrote to memory of 2552	2292	NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe	29
PID 2552 wrote to memory of 2116	2552	cmd.exe	30
PID 2552 wrote to memory of 2116	2552	cmd.exe	30
PID 2552 wrote to memory of 2116	2552	cmd.exe	30
PID 2552 wrote to memory of 2116	2552	cmd.exe	30
PID 2552 wrote to memory of 2964	2552	cmd.exe	31
PID 2552 wrote to memory of 2964	2552	cmd.exe	31
PID 2552 wrote to memory of 2964	2552	cmd.exe	31
PID 2552 wrote to memory of 2964	2552	cmd.exe	31
PID 2552 wrote to memory of 2212	2552	cmd.exe	32
PID 2552 wrote to memory of 2212	2552	cmd.exe	32
PID 2552 wrote to memory of 2212	2552	cmd.exe	32
PID 2552 wrote to memory of 2212	2552	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\31AB.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.562594d5c4f0a7fe5bd48cdbad585050_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2964
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\31AB.tmp\vir.bat

Filesize
1KB

MD5
c00abd85108be058aacfd91502257864

SHA1
3cba5f3acbfc7099f9bf35accd9b990ba7adb5a1

SHA256
d459de733153232f8f9888851c147ad17c820e3c4b5614d8ed4cecafb5217463

SHA512
742b8a48438c599d723a12856d8acf79c7942595a46e2b2af48c42fff9859d42554439e9333aa897a0993b73567fcd55b8b5da9f573331e1084a5b709ed942e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\31AB.tmp\vir.bat

Filesize
1KB

MD5
c00abd85108be058aacfd91502257864

SHA1
3cba5f3acbfc7099f9bf35accd9b990ba7adb5a1

SHA256
d459de733153232f8f9888851c147ad17c820e3c4b5614d8ed4cecafb5217463

SHA512
742b8a48438c599d723a12856d8acf79c7942595a46e2b2af48c42fff9859d42554439e9333aa897a0993b73567fcd55b8b5da9f573331e1084a5b709ed942e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
f6007c105222cd5ac1ade29a117be5ba

SHA1
b7522cfff44ca03dbfe1e5067575727de21de7ef

SHA256
b5bf7b6f9f4b8958120aa27d9e2cd823b80f4ef223b3bf6f8a699bf8675f6516

SHA512
f033f9a7b9b1684bcd77bee8a58928f8c47867a85f487e447a028a2e98bd8844bb168afb6447f20b937c6588f47fc781a2a99a03bbb6fe065f5a2d9329ee8c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
744ab7e2296fe9568f43a8ef94cba34d

SHA1
2e6f814f8fa011a334d636efea9826d5550defb7

SHA256
26c0ed4eef4f5a8bde4bda78e65ee80385e3f810f79d8bc9bf683ff47de1b274

SHA512
7a85381b34202b4379bbae6d49b1665b5b00f23ea8338803d50694dac886d318758b25a05ef9788c65353b88e4b3f3d1588c45957e11a3046571452050c722c9

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
memory/2292-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2292-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads