a6166706595fbb4e08c036f8303fc815137340a36c75085928bf10ec8e78d8b2

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe
Size

1.5MB
MD5

73efbcc0efcb0c620e1f00d26af553b0
SHA1

c8c9d94b52f1adbeebd437f0ed5807c3efdcd9e7
SHA256

a6166706595fbb4e08c036f8303fc815137340a36c75085928bf10ec8e78d8b2
SHA512

7a992a1b40c87b2ceaef9fd9e3bbd872a95bbb5069c8d185d6bca2794c5e9622e9161c2aafc5e2f23a758e84fdf28692a1dbdae106649cb9a65084c75de5aa75
SSDEEP

6144:dlNgwh7faevzepcJTKBNehUDbqJRwsPQQFfxKIxE:1hha5cJJ9JKAQOK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2652	u.dll
2604	mpress.exe
2712	u.dll
2184	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2816	cmd.exe
2816	cmd.exe
2652	u.dll
2652	u.dll
2816	cmd.exe
2816	cmd.exe
2712	u.dll
2712	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2816	2620	NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe	29
PID 2620 wrote to memory of 2816	2620	NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe	29
PID 2620 wrote to memory of 2816	2620	NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe	29
PID 2620 wrote to memory of 2816	2620	NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe	29
PID 2816 wrote to memory of 2652	2816	cmd.exe	30
PID 2816 wrote to memory of 2652	2816	cmd.exe	30
PID 2816 wrote to memory of 2652	2816	cmd.exe	30
PID 2816 wrote to memory of 2652	2816	cmd.exe	30
PID 2652 wrote to memory of 2604	2652	u.dll	31
PID 2652 wrote to memory of 2604	2652	u.dll	31
PID 2652 wrote to memory of 2604	2652	u.dll	31
PID 2652 wrote to memory of 2604	2652	u.dll	31
PID 2816 wrote to memory of 2712	2816	cmd.exe	32
PID 2816 wrote to memory of 2712	2816	cmd.exe	32
PID 2816 wrote to memory of 2712	2816	cmd.exe	32
PID 2816 wrote to memory of 2712	2816	cmd.exe	32
PID 2712 wrote to memory of 2184	2712	u.dll	33
PID 2712 wrote to memory of 2184	2712	u.dll	33
PID 2712 wrote to memory of 2184	2712	u.dll	33
PID 2712 wrote to memory of 2184	2712	u.dll	33
PID 2816 wrote to memory of 1588	2816	cmd.exe	34
PID 2816 wrote to memory of 1588	2816	cmd.exe	34
PID 2816 wrote to memory of 1588	2816	cmd.exe	34
PID 2816 wrote to memory of 1588	2816	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3073.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.73efbcc0efcb0c620e1f00d26af553b0.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3303.tmp"
      4⤵
      Executes dropped EXE
      PID:2604
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\3572.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3572.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3573.tmp"
      4⤵
      Executes dropped EXE
      PID:2184
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3073.tmp\vir.bat

Filesize
1KB

MD5
02570d0d0b29d93df3c8e38704daa31f

SHA1
a8e130bc4ecd81b1e2507b5d72bbd0da8d849f49

SHA256
dd51f8c86ba944d9c74d293fb6203dc3ddb0a430713c61ed5ac490a5cbb9bad0

SHA512
497a105e52ab098f504bf8ee592de321c4361063470ca19fc673187f0398ba3a920c220a539efdb11c515a45176026bdc35443174207b40f2cea58a3c6f3d9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3073.tmp\vir.bat

Filesize
1KB

MD5
02570d0d0b29d93df3c8e38704daa31f

SHA1
a8e130bc4ecd81b1e2507b5d72bbd0da8d849f49

SHA256
dd51f8c86ba944d9c74d293fb6203dc3ddb0a430713c61ed5ac490a5cbb9bad0

SHA512
497a105e52ab098f504bf8ee592de321c4361063470ca19fc673187f0398ba3a920c220a539efdb11c515a45176026bdc35443174207b40f2cea58a3c6f3d9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3572.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3303.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3303.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3303.tmp

Filesize
24KB

MD5
1c591a621b30fb31de8b83694bffdb57

SHA1
94b0acf10c424c4990f88d8d63ba0ef31231fde8

SHA256
71a4439b7c9ba5b21532c4e3c05f39fd19f2ad9e8f1e7da85244339f7fac0e3d

SHA512
4921aee10a3d419ebbfad7f9f877177fce6aad5a1084099046f97ee63d577d9f54d42b6de5ca256f5250264f929988fbd8e4e050996673c99d95dae8833abe2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3573.tmp

Filesize
41KB

MD5
f7d46418a33764dd76d7a4884d35a192

SHA1
df2ac112309d82ea5e0e8c5919bb664ebedaf5c8

SHA256
ff34e2440937e60d6e3ce805827a77750f407c848cad773df28a889dbefd779a

SHA512
5c6fbdaa916df4d3d169d9827d64020a2d6f5195e479c3bcda52051058e37e4033eb0b1eac5ff57ac33b7b0d2046625c39fbfa494baaf7f5ece783d0c55c291d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3573.tmp

Filesize
744KB

MD5
85222d0b8e1e4c1f3eee88b1a31b4285

SHA1
33343927ed9c2b51481e0314b8dd868933eb0c05

SHA256
f48a8624048a812218788a00bf4662c9f1973fbd7e844a02ca883b21cf997fab

SHA512
4a27e8fd569aca8455952558c12a4e6a25d9845064d466bcae77c344f1ccab7217f61f9cdcb33f75541c20796449c94b25429064294b3cf32b70076835c2508d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3573.tmp

Filesize
208KB

MD5
56ce15905ea753f4a6c31db67192f444

SHA1
b1bc81d1c6d1ff5d3a70ba55143827ff8481a78e

SHA256
087def9864a82ae29f7892adb722853fc76274c0d653494969ac05690b164692

SHA512
7d6b7d72db78c3604609aa3b6568aa3c95b75ad9a0392f8812ed4f34660982683682c26d6afe06b3d65aaee48d0c6e74621c589178a325595798e866fc6257b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
30d557aceee9626cb98a725d6a85e06a

SHA1
bf87542145fd443fac080d3a0cbfed61a13ee923

SHA256
9bb1f76079e39732e8b48fefcbd64f25e1d9a23480e9dd9b988016bac5d10857

SHA512
23ebf456c325ca68c5ee7cdbf8bb244c330f0ae7b0f79e8d834e4da412ab6827fa8a78f0432ae0d2420e04578406f90d24f7db8e0410fad18e3657bb7e7f1b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
c0bf91a640c1f9ee668757bdb140a179

SHA1
1812864e93c31eed4d178e0d28688a7f2dab8682

SHA256
9bc41af272e244dc8174d70f7ca876888745ee99045c23d47de976b6886a5ede

SHA512
1b5fd70c0d54f509fc04213f541421d08d2d23d7c93f4554f606d24faf85f8aa6c613d234b796c9146c7c770ae06d0bb1b4b5a2fc995d436e2d23d51dffb6132

Download Submit
\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\3302.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\3572.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\3572.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
memory/2184-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2184-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2604-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2604-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2620-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2620-156-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2652-63-0x00000000002D0000-0x0000000000304000-memory.dmp

Filesize
208KB

Download
memory/2652-69-0x00000000002D0000-0x0000000000304000-memory.dmp

Filesize
208KB

Download
memory/2712-138-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads