f3b8661f45a141a899fca848df060529fa134160278557ccc2c859d248dcc360

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2023 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe
Size

209KB
MD5

46c666099b0afe1c0c6bebcd6e32e340
SHA1

d0f2e5dd17141820f6ad05354c974762cd8a91d1
SHA256

f3b8661f45a141a899fca848df060529fa134160278557ccc2c859d248dcc360
SHA512

6c1abe21f7246a18bd8b16e6ef05a841694c88efb8fe29fdd9435fead87ddc5aae44bb4c323d4234600c9ce618e0e39a9b82cd906d0b078011d893ca8059b348
SSDEEP

6144:alUzJhiBtaQ8KKT/aq73VYQI2+fb/9F7cKwjvHALEk:FaBoQ8BT/F73Vm2WTcpjvHYE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
736	u.dll
3968	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4968	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 4436	628	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	87
PID 628 wrote to memory of 4436	628	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	87
PID 628 wrote to memory of 4436	628	NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe	87
PID 4436 wrote to memory of 736	4436	cmd.exe	88
PID 4436 wrote to memory of 736	4436	cmd.exe	88
PID 4436 wrote to memory of 736	4436	cmd.exe	88
PID 736 wrote to memory of 3968	736	u.dll	91
PID 736 wrote to memory of 3968	736	u.dll	91
PID 736 wrote to memory of 3968	736	u.dll	91
PID 4436 wrote to memory of 844	4436	cmd.exe	93
PID 4436 wrote to memory of 844	4436	cmd.exe	93
PID 4436 wrote to memory of 844	4436	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EE86.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.46c666099b0afe1c0c6bebcd6e32e340_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\EF71.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\EF71.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeEF72.tmp"
      4⤵
      Executes dropped EXE
      PID:3968
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EE86.tmp\vir.bat

Filesize
1KB

MD5
8815a8e3bc858d1aa176cdf2df3f87d7

SHA1
322da7def0355b0b89e8bf991686ea4cc09c766a

SHA256
0ee92555e64a61bdaf4a45ea34008778eed2157c15dc28a959c96469165ab072

SHA512
ea357a26c706686c3c327983e54b9e3f558d8f02e7b5a3229074498e42c84bb216fd415b28027361dac472785f58f69060f68ad55728268d9cd8314c7384d646

Download Submit
C:\Users\Admin\AppData\Local\Temp\EF71.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\EF71.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeEF72.tmp

Filesize
41KB

MD5
a2c3062fa164e9bfe5a343b4dcbc95c5

SHA1
3a9ab7db5f1a0c958828a58561779800532babee

SHA256
abaa1cf5206bf5b210bb8673e718356cfce1b863f7429df9fb88dff486a9e642

SHA512
cc3af460becb242a8e06c1906b49949a7d7fb4f622950ef9c3479f5143d70bb261c91131b402f98a34268d1d94ef45f4b521a09295360a231700ade6d739fd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeEF72.tmp

Filesize
41KB

MD5
a2c3062fa164e9bfe5a343b4dcbc95c5

SHA1
3a9ab7db5f1a0c958828a58561779800532babee

SHA256
abaa1cf5206bf5b210bb8673e718356cfce1b863f7429df9fb88dff486a9e642

SHA512
cc3af460becb242a8e06c1906b49949a7d7fb4f622950ef9c3479f5143d70bb261c91131b402f98a34268d1d94ef45f4b521a09295360a231700ade6d739fd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeEF72.tmp

Filesize
24KB

MD5
615cf02a831ad50dec9c776daff01ba3

SHA1
6d9f36270c32cfd8f33d22cb5647e3b559997790

SHA256
2914430430416af4bf2e7b75306923518661cd7fcd7de9194c10902d7f1e58fa

SHA512
a9b821ace1e6dac19b9060bc74393dc25e0d3c702449bba46af34e96731502873aa30c9957a32ac8e113bdb09ee9be87309fc79a7302bea01a97ce9e09913539

Download Submit
C:\Users\Admin\AppData\Local\Temp\mprC5F.tmp

Filesize
24KB

MD5
615cf02a831ad50dec9c776daff01ba3

SHA1
6d9f36270c32cfd8f33d22cb5647e3b559997790

SHA256
2914430430416af4bf2e7b75306923518661cd7fcd7de9194c10902d7f1e58fa

SHA512
a9b821ace1e6dac19b9060bc74393dc25e0d3c702449bba46af34e96731502873aa30c9957a32ac8e113bdb09ee9be87309fc79a7302bea01a97ce9e09913539

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
6f820438e7d43e99d825091194927ad8

SHA1
318a18eb807d4138b57381996ca80ffe20639216

SHA256
7ea6a807a7f6f2695d3f9c1ef2f23547a93c9746dd2c13d68583640958ac6e67

SHA512
9362e8e14bf3dc055b304aa8d7d32e95218bd774ed008d8ac860eb274ee16408e3e830e6c9752aed47c96ed3bf5ef50256a517a4448c0fefa0095ebaaf49a360

Download Submit
memory/628-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/628-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/628-58-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3968-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3968-64-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads