715262e00ad48849bcfba51c8eaa45685a27d3b829b4b8eeece4e282925110ba

Analysis

max time kernel
164s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 16:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ace83b47287c2015e1e9f15f17b930e0.exe
Size

211KB
MD5

ace83b47287c2015e1e9f15f17b930e0
SHA1

7ca68da9fc64f7a441225e73b74b53585897b81d
SHA256

715262e00ad48849bcfba51c8eaa45685a27d3b829b4b8eeece4e282925110ba
SHA512

ce59b19845e6e39f67252d01cbdf28791cf242aaa71f5296ec0417f3c3e6f1e2d376df39b9458a98d955b8927ae54a1aa3491fb38ed8223e9c35b2cd483252be
SSDEEP

6144:4l0n6aur7bd8TnXlKx6e5DVofZvSHzwIXsxaxk3W:7n6aurNGXuV5DVgZ2zFXsxaxL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2800	u.dll
2908	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3320	OpenWith.exe
2852	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1960	3512	NEAS.ace83b47287c2015e1e9f15f17b930e0.exe	92
PID 3512 wrote to memory of 1960	3512	NEAS.ace83b47287c2015e1e9f15f17b930e0.exe	92
PID 3512 wrote to memory of 1960	3512	NEAS.ace83b47287c2015e1e9f15f17b930e0.exe	92
PID 1960 wrote to memory of 2800	1960	cmd.exe	93
PID 1960 wrote to memory of 2800	1960	cmd.exe	93
PID 1960 wrote to memory of 2800	1960	cmd.exe	93
PID 2800 wrote to memory of 2908	2800	u.dll	96
PID 2800 wrote to memory of 2908	2800	u.dll	96
PID 2800 wrote to memory of 2908	2800	u.dll	96
PID 1960 wrote to memory of 780	1960	cmd.exe	97
PID 1960 wrote to memory of 780	1960	cmd.exe	97
PID 1960 wrote to memory of 780	1960	cmd.exe	97
PID 1960 wrote to memory of 4876	1960	cmd.exe	99
PID 1960 wrote to memory of 4876	1960	cmd.exe	99
PID 1960 wrote to memory of 4876	1960	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\NEAS.ace83b47287c2015e1e9f15f17b930e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ace83b47287c2015e1e9f15f17b930e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F9F0.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.ace83b47287c2015e1e9f15f17b930e0.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\55A.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\55A.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe55B.tmp"
      4⤵
      Executes dropped EXE
      PID:2908
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:780
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\55A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\55A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\F9F0.tmp\vir.bat

Filesize
1KB

MD5
01c87420a4b51c19c8ad935176a4cbed

SHA1
1b14185109c5a30758b11aab759b05dccd0fba1d

SHA256
3655a893db583773b08734017a63bfea3474dc2411b92bf91db49cc216d5c91c

SHA512
95943c45f0e938493e966b8c98eff72fe4637d48e7bc8a84558f3bb59ee9c5e155afed56b084da7e20a4100d17d7a91654171261ea9c9590c057646c8317ac6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe55B.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe55B.tmp

Filesize
41KB

MD5
9cc408b90f1f221a465d794185288e90

SHA1
b0a05b513abbd5ba1d780a70e29125052c95d5e4

SHA256
2cd50a509f8b47f13148e6a629e980bc203e57b91f624fb6df79f5d2317d7c7a

SHA512
789b727bf6745321d64b12a4dfe9b050256af98edf7ecf6b46607eb7aba57d0d48de7908cdf1f19aae9bbbb1c327d516aa872cd130f19d64485fec3dfa68f326

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe55B.tmp

Filesize
24KB

MD5
6fe6936f4026fc3302041fe94a50f65f

SHA1
ca3f88fb23c9cf78bda96e004866e08ca29cccb6

SHA256
9aa37a9ab8f7f1c1db0e4e0097eed487744deaaff9607386516b9961cf4d744d

SHA512
87c79e3e9af9e6cb2f67cd582e034ed8d5b863323acee872775088bc05157df59e6ed9b7b6f727167064c5b9e7a27a152a5bf1d452dee3b8e4250b2a51c1868f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr337F.tmp

Filesize
24KB

MD5
6fe6936f4026fc3302041fe94a50f65f

SHA1
ca3f88fb23c9cf78bda96e004866e08ca29cccb6

SHA256
9aa37a9ab8f7f1c1db0e4e0097eed487744deaaff9607386516b9961cf4d744d

SHA512
87c79e3e9af9e6cb2f67cd582e034ed8d5b863323acee872775088bc05157df59e6ed9b7b6f727167064c5b9e7a27a152a5bf1d452dee3b8e4250b2a51c1868f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
06b1f7fda6af2883e229fd3c90dd3fa5

SHA1
7db4343ed8a75813182ee1f02efd782ee926b376

SHA256
62e8606d3816307ea4cae483f2fb6b51ebb99427697dc5e94662d542feaaa0b8

SHA512
fc6b541e5c0410ce2d4b78f828e908c651496f0e361f8393f008c07f2bbb4f2eb2b63690d87b9823c0592fb6507a19fc8fd57ec6a741be2f3e653e62e9b380f9

Download Submit
memory/2908-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2908-64-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3512-19-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3512-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3512-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads