f3b8661f45a141a899fca848df060529fa134160278557ccc2c859d248dcc360

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe
Size

209KB
MD5

46c666099b0afe1c0c6bebcd6e32e340
SHA1

d0f2e5dd17141820f6ad05354c974762cd8a91d1
SHA256

f3b8661f45a141a899fca848df060529fa134160278557ccc2c859d248dcc360
SHA512

6c1abe21f7246a18bd8b16e6ef05a841694c88efb8fe29fdd9435fead87ddc5aae44bb4c323d4234600c9ce618e0e39a9b82cd906d0b078011d893ca8059b348
SSDEEP

6144:alUzJhiBtaQ8KKT/aq73VYQI2+fb/9F7cKwjvHALEk:FaBoQ8BT/F73Vm2WTcpjvHYE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2724	u.dll
2880	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2256	cmd.exe
2256	cmd.exe
2256	cmd.exe
2256	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2256	3032	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	29
PID 3032 wrote to memory of 2256	3032	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	29
PID 3032 wrote to memory of 2256	3032	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	29
PID 3032 wrote to memory of 2256	3032	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	29
PID 2256 wrote to memory of 2724	2256	cmd.exe	30
PID 2256 wrote to memory of 2724	2256	cmd.exe	30
PID 2256 wrote to memory of 2724	2256	cmd.exe	30
PID 2256 wrote to memory of 2724	2256	cmd.exe	30
PID 2256 wrote to memory of 2880	2256	cmd.exe	31
PID 2256 wrote to memory of 2880	2256	cmd.exe	31
PID 2256 wrote to memory of 2880	2256	cmd.exe	31
PID 2256 wrote to memory of 2880	2256	cmd.exe	31
PID 2256 wrote to memory of 2612	2256	cmd.exe	32
PID 2256 wrote to memory of 2612	2256	cmd.exe	32
PID 2256 wrote to memory of 2612	2256	cmd.exe	32
PID 2256 wrote to memory of 2612	2256	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\43D4.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2880
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43D4.tmp\vir.bat

Filesize
1KB

MD5
8815a8e3bc858d1aa176cdf2df3f87d7

SHA1
322da7def0355b0b89e8bf991686ea4cc09c766a

SHA256
0ee92555e64a61bdaf4a45ea34008778eed2157c15dc28a959c96469165ab072

SHA512
ea357a26c706686c3c327983e54b9e3f558d8f02e7b5a3229074498e42c84bb216fd415b28027361dac472785f58f69060f68ad55728268d9cd8314c7384d646

Download Submit
C:\Users\Admin\AppData\Local\Temp\43D4.tmp\vir.bat

Filesize
1KB

MD5
8815a8e3bc858d1aa176cdf2df3f87d7

SHA1
322da7def0355b0b89e8bf991686ea4cc09c766a

SHA256
0ee92555e64a61bdaf4a45ea34008778eed2157c15dc28a959c96469165ab072

SHA512
ea357a26c706686c3c327983e54b9e3f558d8f02e7b5a3229074498e42c84bb216fd415b28027361dac472785f58f69060f68ad55728268d9cd8314c7384d646

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
6f820438e7d43e99d825091194927ad8

SHA1
318a18eb807d4138b57381996ca80ffe20639216

SHA256
7ea6a807a7f6f2695d3f9c1ef2f23547a93c9746dd2c13d68583640958ac6e67

SHA512
9362e8e14bf3dc055b304aa8d7d32e95218bd774ed008d8ac860eb274ee16408e3e830e6c9752aed47c96ed3bf5ef50256a517a4448c0fefa0095ebaaf49a360

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0b56cf431ce2b73bbe06a0e012585953

SHA1
0a188b38d45e0490e28691a3b98fb99f36604e3c

SHA256
557e92cb9842852190cbd2dad7ec8d99a490206b7b32676b60dd16ce5822ecf2

SHA512
4914c83fc1bfad9ab48f74c89a4f34d561bb3f20fe6cc71f70f2e9339cf98cadc011276fd478170233142eef4fb80e03d59a2649f60b51125378c183154c40fc

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
memory/3032-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3032-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads