4db8bca8cf450e8d47460a6de19602f9748501f7165127e1dc1f7c2bcf144a03

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.140f5df7834d03db0146ec779058b950_JC.exe
Size

835KB
MD5

140f5df7834d03db0146ec779058b950
SHA1

eefb6ed472e37e4757e7a86da7a61d9f4e9e5e4d
SHA256

4db8bca8cf450e8d47460a6de19602f9748501f7165127e1dc1f7c2bcf144a03
SHA512

ebac36f83cf55c45485588bc1bf06b113c0d61908545027ec0fa1e2dc7684462a1e99e75898ef7413c5cc86c3be696fc3ef2dca54622a02f74e708606e3664fb
SSDEEP

24576:yWPPdoP7d3BFMukWMG+gcXh6dvrBV1gerPxHxmbuio8Tk3Qy0HyNtK35KO:ysTTG+g+h6dvrBV1gerPxHxmbuio8g3k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2124	u.dll
2960	mpress.exe
1216	u.dll
2520	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2068	cmd.exe
2068	cmd.exe
2124	u.dll
2124	u.dll
2068	cmd.exe
2068	cmd.exe
1216	u.dll
1216	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2068	1944	NEAS.140f5df7834d03db0146ec779058b950_JC.exe	29
PID 1944 wrote to memory of 2068	1944	NEAS.140f5df7834d03db0146ec779058b950_JC.exe	29
PID 1944 wrote to memory of 2068	1944	NEAS.140f5df7834d03db0146ec779058b950_JC.exe	29
PID 1944 wrote to memory of 2068	1944	NEAS.140f5df7834d03db0146ec779058b950_JC.exe	29
PID 2068 wrote to memory of 2124	2068	cmd.exe	30
PID 2068 wrote to memory of 2124	2068	cmd.exe	30
PID 2068 wrote to memory of 2124	2068	cmd.exe	30
PID 2068 wrote to memory of 2124	2068	cmd.exe	30
PID 2124 wrote to memory of 2960	2124	u.dll	31
PID 2124 wrote to memory of 2960	2124	u.dll	31
PID 2124 wrote to memory of 2960	2124	u.dll	31
PID 2124 wrote to memory of 2960	2124	u.dll	31
PID 2068 wrote to memory of 1216	2068	cmd.exe	32
PID 2068 wrote to memory of 1216	2068	cmd.exe	32
PID 2068 wrote to memory of 1216	2068	cmd.exe	32
PID 2068 wrote to memory of 1216	2068	cmd.exe	32
PID 1216 wrote to memory of 2520	1216	u.dll	33
PID 1216 wrote to memory of 2520	1216	u.dll	33
PID 1216 wrote to memory of 2520	1216	u.dll	33
PID 1216 wrote to memory of 2520	1216	u.dll	33
PID 2068 wrote to memory of 676	2068	cmd.exe	34
PID 2068 wrote to memory of 676	2068	cmd.exe	34
PID 2068 wrote to memory of 676	2068	cmd.exe	34
PID 2068 wrote to memory of 676	2068	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\NEAS.140f5df7834d03db0146ec779058b950_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.140f5df7834d03db0146ec779058b950_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3DDB.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.140f5df7834d03db0146ec779058b950_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3F52.tmp"
      4⤵
      Executes dropped EXE
      PID:2960
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\4200.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4200.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4210.tmp"
      4⤵
      Executes dropped EXE
      PID:2520
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3DDB.tmp\vir.bat

Filesize
2KB

MD5
6e19184d15c3b72f45d50cf59e0d98ad

SHA1
179bf041f4568279c9e2795dd5d6b223c029c9b4

SHA256
084dfa3db289f5fc85c57a41c8cc27d6211a0d8ac5926b13e2e2698fae1b86bc

SHA512
98a5e1cfc4db80e378587d5d9e32d43cd04cf347360d7d7745229134c7409ab1a85f6b1d50f1fa70d5067034930b0f01e9bcd22b4516a7c73d0ccd70ada95e20

Download Submit
C:\Users\Admin\AppData\Local\Temp\3DDB.tmp\vir.bat

Filesize
2KB

MD5
6e19184d15c3b72f45d50cf59e0d98ad

SHA1
179bf041f4568279c9e2795dd5d6b223c029c9b4

SHA256
084dfa3db289f5fc85c57a41c8cc27d6211a0d8ac5926b13e2e2698fae1b86bc

SHA512
98a5e1cfc4db80e378587d5d9e32d43cd04cf347360d7d7745229134c7409ab1a85f6b1d50f1fa70d5067034930b0f01e9bcd22b4516a7c73d0ccd70ada95e20

Download Submit
C:\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4200.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F52.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F52.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F52.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4210.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4210.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr42AB.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
f74d2ba49d34a3978c1327d01d0fa29e

SHA1
5f4c9ab429c4eb4649389ea175e186f7c8cead0f

SHA256
79c4808a18afb17bf202e1c8300f18c31983057a60f0a8178d9e5cf5393af3ae

SHA512
c516da47c4ac44180ab10aaf4e352ec186e275e01b50fbc948fb98ef908979eee9b983447c063db97f5487b657adcfac93c373c159352c52e297be039259e0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
bdc7a002e1d387ee40aaa91ee62fc7d0

SHA1
ea39e25bc25439692903238054c1433029c30836

SHA256
ddac72202e77ea75502723ac7e00a101da4cf21e1ef047445d42c4aa30dbb210

SHA512
11b6bbd8212d5aed657408d4d2ceea0678c7215e366aa8f16654cac84c8cf08e55bc0dd255fe6b5c7e877800a518fda934b9c468fce2dc7518c7852274f34940

Download Submit
\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\3F51.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\4200.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\4200.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
memory/1216-142-0x0000000001E90000-0x0000000001EC4000-memory.dmp

Filesize
208KB

Download
memory/1944-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1944-160-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2124-63-0x0000000000340000-0x0000000000374000-memory.dmp

Filesize
208KB

Download
memory/2520-144-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2520-149-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2960-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2960-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads