4873d557bdc559b59192553364ecdbe0b003965329c79ba3487efd58382a4795

Analysis

max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 15:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.413dc55ad9bdc969f5d82edef88fca20.exe
Size

209KB
MD5

413dc55ad9bdc969f5d82edef88fca20
SHA1

4716edd868382a6a024c9aacd7e52bf85696f361
SHA256

4873d557bdc559b59192553364ecdbe0b003965329c79ba3487efd58382a4795
SHA512

f2cb037e4a015a6cb3582f90353e942084c5279c835a142c01ed3123b47b2ccb37dd181870395229a69644ff8bf6cc1b37da008cf6d1a71e735dd4124ca2eac0
SSDEEP

6144:il0n6au0tMtlxQLSnwDeOPkFg7FqBh5vop7BlOU:Fn6au7yLSnwiJsFqB/odBlz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1084	u.dll
2848	mpress.exe
2544	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2076	cmd.exe
2076	cmd.exe
1084	u.dll
1084	u.dll
2076	cmd.exe
2076	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2076	2120	NEAS.413dc55ad9bdc969f5d82edef88fca20.exe	29
PID 2120 wrote to memory of 2076	2120	NEAS.413dc55ad9bdc969f5d82edef88fca20.exe	29
PID 2120 wrote to memory of 2076	2120	NEAS.413dc55ad9bdc969f5d82edef88fca20.exe	29
PID 2120 wrote to memory of 2076	2120	NEAS.413dc55ad9bdc969f5d82edef88fca20.exe	29
PID 2076 wrote to memory of 1084	2076	cmd.exe	30
PID 2076 wrote to memory of 1084	2076	cmd.exe	30
PID 2076 wrote to memory of 1084	2076	cmd.exe	30
PID 2076 wrote to memory of 1084	2076	cmd.exe	30
PID 1084 wrote to memory of 2848	1084	u.dll	31
PID 1084 wrote to memory of 2848	1084	u.dll	31
PID 1084 wrote to memory of 2848	1084	u.dll	31
PID 1084 wrote to memory of 2848	1084	u.dll	31
PID 2076 wrote to memory of 2544	2076	cmd.exe	32
PID 2076 wrote to memory of 2544	2076	cmd.exe	32
PID 2076 wrote to memory of 2544	2076	cmd.exe	32
PID 2076 wrote to memory of 2544	2076	cmd.exe	32
PID 2076 wrote to memory of 572	2076	cmd.exe	33
PID 2076 wrote to memory of 572	2076	cmd.exe	33
PID 2076 wrote to memory of 572	2076	cmd.exe	33
PID 2076 wrote to memory of 572	2076	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.413dc55ad9bdc969f5d82edef88fca20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.413dc55ad9bdc969f5d82edef88fca20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\95AB.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.413dc55ad9bdc969f5d82edef88fca20.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9760.tmp"
      4⤵
      Executes dropped EXE
      PID:2848
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2544
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\95AB.tmp\vir.bat

Filesize
1KB

MD5
c01f485bac573077ef836c00205c62b4

SHA1
93883fb66c2713cbb6dd423b3941db4d43f79e9f

SHA256
d5b8765387a724ceb7f22a9160734b7a5db9c2ace588d84ab8f6e4419e64e7cb

SHA512
d79b01d8aa01c32a729d24204a9d6cd37dea3ba08f34dd5704269ac01a9d93574bca69a8b476b3c5e3dbb7b03b5c7f0cb552945428111701d37ae7811e50518d

Download Submit
C:\Users\Admin\AppData\Local\Temp\95AB.tmp\vir.bat

Filesize
1KB

MD5
c01f485bac573077ef836c00205c62b4

SHA1
93883fb66c2713cbb6dd423b3941db4d43f79e9f

SHA256
d5b8765387a724ceb7f22a9160734b7a5db9c2ace588d84ab8f6e4419e64e7cb

SHA512
d79b01d8aa01c32a729d24204a9d6cd37dea3ba08f34dd5704269ac01a9d93574bca69a8b476b3c5e3dbb7b03b5c7f0cb552945428111701d37ae7811e50518d

Download Submit
C:\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9760.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9760.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9760.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
145e113a73facd972197de76a42823ba

SHA1
e02e339a0e0f03f01a53023d430d117a390ae3f0

SHA256
83d4437927c674ce2e8fb1e1d37e93128501e9b3def82d9117f2326b98a7fcae

SHA512
f5974862240ac7d248c7508b3d88f58f039b766822723dd85c736818edb8c6532d8885f994122f739dcef3ba4f4bda7342e1d38b01d7f9fa4c25651293837b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
a8778fe3b07c4519293d77e664c96efb

SHA1
22d99a3e05a6abab90b728a0afae6a8de7dc86c1

SHA256
9b176827117e6be9f5fd8b331291dd80c8976d004defb6f19e73e5789c1fe3f6

SHA512
326af4885df265078ab294c30d7bd2704ce485e3d2baeb6ae5bf9f0760fd584316965eb1757955b61ef7957326664fba25caf563a9af47f2b62951afeec83c69

Download Submit
\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\975F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
memory/1084-68-0x0000000000310000-0x0000000000344000-memory.dmp

Filesize
208KB

Download
memory/1084-70-0x0000000000310000-0x0000000000344000-memory.dmp

Filesize
208KB

Download
memory/2120-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2120-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2848-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2848-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads