2cd9b4a1a47fd447b8231dbb3841a19f8f100436bb7fd6c2f19271955f84d8af

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe
Size

211KB
MD5

ce9874fa92f04097cfaf036a7296b2b0
SHA1

e689171d5781161e03bb4d5171df9833b4aaaea3
SHA256

2cd9b4a1a47fd447b8231dbb3841a19f8f100436bb7fd6c2f19271955f84d8af
SHA512

00361e336460a42893ead6bd5accccb5954c942874c7ce4831d4231781d23bfe381b8aa6af255630af5553d5d13eb565f970060dc6f98ba581bb2c3e795e9829
SSDEEP

3072:Rld1ZdJywGLnn7DKqtIyHaV8qy8uvNrAkjy1oxpWjeDzvj0AuVXgK440:RldDEn3te8QmdAd1qt7ruz4t

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2880	u.dll
2656	mpress.exe
108	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2720	cmd.exe
2720	cmd.exe
2880	u.dll
2880	u.dll
2720	cmd.exe
2720	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2720	1696	NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe	29
PID 1696 wrote to memory of 2720	1696	NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe	29
PID 1696 wrote to memory of 2720	1696	NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe	29
PID 1696 wrote to memory of 2720	1696	NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe	29
PID 2720 wrote to memory of 2880	2720	cmd.exe	30
PID 2720 wrote to memory of 2880	2720	cmd.exe	30
PID 2720 wrote to memory of 2880	2720	cmd.exe	30
PID 2720 wrote to memory of 2880	2720	cmd.exe	30
PID 2880 wrote to memory of 2656	2880	u.dll	31
PID 2880 wrote to memory of 2656	2880	u.dll	31
PID 2880 wrote to memory of 2656	2880	u.dll	31
PID 2880 wrote to memory of 2656	2880	u.dll	31
PID 2720 wrote to memory of 108	2720	cmd.exe	32
PID 2720 wrote to memory of 108	2720	cmd.exe	32
PID 2720 wrote to memory of 108	2720	cmd.exe	32
PID 2720 wrote to memory of 108	2720	cmd.exe	32
PID 2720 wrote to memory of 888	2720	cmd.exe	33
PID 2720 wrote to memory of 888	2720	cmd.exe	33
PID 2720 wrote to memory of 888	2720	cmd.exe	33
PID 2720 wrote to memory of 888	2720	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3C26.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.ce9874fa92f04097cfaf036a7296b2b0_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3E0B.tmp"
      4⤵
      Executes dropped EXE
      PID:2656
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:108
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3C26.tmp\vir.bat

Filesize
1KB

MD5
c403f7523d417c4a1a9fc6ed447f586f

SHA1
a6d73aae606441550bfd425abfe06944d040bb83

SHA256
c0501db8959aaf032651e54256faf9b3dc44dfb68e9969b8673319b256c16733

SHA512
280993ebe285fdc7a00b0f33cfa34cb62d11f8e895c486f60be2596d231c2eab7c439a6409c668089ceb1252ad8005d0e65d5c14cd6e901f0bc5862f215cab1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\3C26.tmp\vir.bat

Filesize
1KB

MD5
c403f7523d417c4a1a9fc6ed447f586f

SHA1
a6d73aae606441550bfd425abfe06944d040bb83

SHA256
c0501db8959aaf032651e54256faf9b3dc44dfb68e9969b8673319b256c16733

SHA512
280993ebe285fdc7a00b0f33cfa34cb62d11f8e895c486f60be2596d231c2eab7c439a6409c668089ceb1252ad8005d0e65d5c14cd6e901f0bc5862f215cab1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3E0B.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3E0B.tmp

Filesize
742KB

MD5
d9b739f43327208993b043532e4f11ea

SHA1
332dac7bb54cc5c60d809966d659ad9f096c4339

SHA256
2696e0a2d415632b65f8b22156a4f5d40773e0349b4d613156d8a88f2d17388c

SHA512
467c8b9bec20b6b4c9960926a6b7be8ce278461736a6fccd6becfe63b6634bfd6e7c7635055b0feeb745a7fc599177caab0d04e50f69d5afbb3aafb77499b22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3E0B.tmp

Filesize
208KB

MD5
43f8a3a3681c3ea66edcae01a8e35187

SHA1
04cb144099f1c7a0c84c8392eef6ad6dfa14ef85

SHA256
46b55b471bffa62bb7004ecbbba52ae0aa2aa75788b165ea3fbfaddf68ef2f6f

SHA512
09523f145dc7534d4ec2ead40c6d48bf7e460fad3b1301abaf6f59d34a88bdc193dd4c7587c596ca97c3ee09150f772489281abf19dc8fd0fb297bbc68a5524d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
a7d68ff4ffc68935cdc6443038bb825a

SHA1
0025396d93f87b4845d626e893cd875fff437e5f

SHA256
bd8b37999735b8f20357dc7e68493a7a521f300366cd5f581458471e1ba2a5aa

SHA512
80628c828e77116f59cdc764fec39f2b528e071735f085db822eda1d2320592a8df77cd9a6b466309c03d019e266d4e28ce1a35da24e61298eac395c10dced91

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
88c2db825d60fc43431e5eaf098695db

SHA1
4a5c2c9e4171bd1ff54c0615341a46f1b213a452

SHA256
6a3b938ddd0f0e208f75a776f5638a2cd09165ec7f5d88a1d9445611ce036705

SHA512
995ec0e30e2d5fa893baff5d55477f729577e86b20aab1278eb8062e77b36f628e12e6214d881607cece64d7f7f1f99fce418d0b86dd3a2c0b8b60a7fa5238e9

Download Submit
\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\3E0A.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
memory/1696-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1696-103-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2656-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2880-61-0x0000000001DD0000-0x0000000001E04000-memory.dmp

Filesize
208KB

Download
memory/2880-66-0x0000000001DD0000-0x0000000001E04000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads