2bbd3c7b0ba9057e0bc76b5188919af1d155baf632adf88bfec7b3ac19b4f7d8

Analysis

max time kernel
142s
max time network
127s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.908d0c623ac18f01731c99c048c37000_JC.exe
Size

835KB
MD5

908d0c623ac18f01731c99c048c37000
SHA1

b73f0abad18ff36b4030cf9799fd4dceb0e11c44
SHA256

2bbd3c7b0ba9057e0bc76b5188919af1d155baf632adf88bfec7b3ac19b4f7d8
SHA512

3a3b321b0ebd7714a81d41e46abcedc4741aee4e526081933e38d79f2196102ef8c102360dc86264d85118f799ce496e3bcd74b25b122ba7f20978a01821f0fa
SSDEEP

24576:ATH0N2rP7d3BFMukWMG+gcXh6dvrBV1gerPxHxmbuio8Tk3Qy0HyNtK35KO:ATH0NvTG+g+h6dvrBV1gerPxHxmbuiow

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1788	u.dll
2592	mpress.exe
1704	u.dll

Loads dropped DLL 6 IoCs

pid	Process
3040	cmd.exe
3040	cmd.exe
1788	u.dll
1788	u.dll
3040	cmd.exe
3040	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 3040	1756	NEAS.908d0c623ac18f01731c99c048c37000_JC.exe	29
PID 1756 wrote to memory of 3040	1756	NEAS.908d0c623ac18f01731c99c048c37000_JC.exe	29
PID 1756 wrote to memory of 3040	1756	NEAS.908d0c623ac18f01731c99c048c37000_JC.exe	29
PID 1756 wrote to memory of 3040	1756	NEAS.908d0c623ac18f01731c99c048c37000_JC.exe	29
PID 3040 wrote to memory of 1788	3040	cmd.exe	30
PID 3040 wrote to memory of 1788	3040	cmd.exe	30
PID 3040 wrote to memory of 1788	3040	cmd.exe	30
PID 3040 wrote to memory of 1788	3040	cmd.exe	30
PID 1788 wrote to memory of 2592	1788	u.dll	31
PID 1788 wrote to memory of 2592	1788	u.dll	31
PID 1788 wrote to memory of 2592	1788	u.dll	31
PID 1788 wrote to memory of 2592	1788	u.dll	31
PID 3040 wrote to memory of 1704	3040	cmd.exe	32
PID 3040 wrote to memory of 1704	3040	cmd.exe	32
PID 3040 wrote to memory of 1704	3040	cmd.exe	32
PID 3040 wrote to memory of 1704	3040	cmd.exe	32
PID 3040 wrote to memory of 2856	3040	cmd.exe	33
PID 3040 wrote to memory of 2856	3040	cmd.exe	33
PID 3040 wrote to memory of 2856	3040	cmd.exe	33
PID 3040 wrote to memory of 2856	3040	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.908d0c623ac18f01731c99c048c37000_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.908d0c623ac18f01731c99c048c37000_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4B14.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.908d0c623ac18f01731c99c048c37000_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4D08.tmp"
      4⤵
      Executes dropped EXE
      PID:2592
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1704
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4B14.tmp\vir.bat

Filesize
1KB

MD5
4cda739e4e5471cce9d2917c7e3050df

SHA1
b7ddd7914b9e26a61abcd21632d675b67a18f195

SHA256
bfdbdb295b5977eaa1be7c30c15c3dee0e8a1fb3c503b9c954c504a9a7f91b32

SHA512
ba5f2b44114b1d5120c1102c4d8a89f56f2736dd05540977b72e47f8a5e56396e4be652ca78686b81c3e4b04c2b7afb8e80adbb94d9f916b9c9627f1743c4979

Download Submit
C:\Users\Admin\AppData\Local\Temp\4B14.tmp\vir.bat

Filesize
1KB

MD5
4cda739e4e5471cce9d2917c7e3050df

SHA1
b7ddd7914b9e26a61abcd21632d675b67a18f195

SHA256
bfdbdb295b5977eaa1be7c30c15c3dee0e8a1fb3c503b9c954c504a9a7f91b32

SHA512
ba5f2b44114b1d5120c1102c4d8a89f56f2736dd05540977b72e47f8a5e56396e4be652ca78686b81c3e4b04c2b7afb8e80adbb94d9f916b9c9627f1743c4979

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4D08.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4D08.tmp

Filesize
742KB

MD5
236c056876c8cd46dabb13750c7f4327

SHA1
c1890e26c6585056a70665f94c4c3e5db7d5ab83

SHA256
8b16dfab1ce9996f2bf46fd1726442243a13aa457616785e995e11de71449355

SHA512
2af3ab6e75b2f89743f7e7cebf5ccc6588a3447dfac7eef89a1327e9c731fffd6a5df8dec23ab05637df8d7169a445a566e887575a007179e727aa392c014b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4D08.tmp

Filesize
208KB

MD5
d88de17fa0cbcb260174eae7c7ff718f

SHA1
a36aaaaf60938cbc94de551f3c7f08b6cf05627e

SHA256
7a8efbf17c0ad4278416c240b5c26987f935605fbc31397766ac3907a7e9c005

SHA512
ff0db2ecf913cbbadb79af7c77beb588dae23e5b283dd18281cbd8dc62323b6fdbd9622588cdc6fbfd4d6bcbc8978c51431d4a9a2c99c3004dcc6dd5c811217b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
357fb203ee9ff161dfd16c300a7db0d6

SHA1
fab017bdb4e35fa5b10b41be3829a0ee33f9a301

SHA256
c84493f31c9f1c0b6cbe70fe9fb72c65cad81201d11d5aac4d2d86dceff0796b

SHA512
77818a829e009e2e88e50b10d6c35661b67e34670e066d8240870f88d150202196b58a6eda88a679d528cb2e49b84f9399b574e776b7cff6ed430e7e1b91b7b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e1f13d1ac6701d2b4155bee66f56e20e

SHA1
f93d8efc11aa8ec0650c0bff9e92d3622667fc8d

SHA256
ea0a86b2a6fbf1f7f0f108acde83a26d85ce830285df6c1a541185af323c51ef

SHA512
52b4a880bee8effbbdde7f0bb86fac54687c09972716cb618df62a53700c26b6f8f54d77085c23da73f54498a38305f9cd85ff01adb245fbd147d7980ccf9399

Download Submit
\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\4D07.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
memory/1756-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1756-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1788-64-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/1788-66-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2592-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2592-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads