eddbf6cfc29a4d68a5540ebd3927e19c83878f5f1e5227070797408d96ac5b22

Analysis

max time kernel
141s
max time network
129s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe
Size

210KB
MD5

97795dd4d1689c0e33137388cdf9d9d0
SHA1

0e854ce1bcdba39466ff5326e8d6d601f561219e
SHA256

eddbf6cfc29a4d68a5540ebd3927e19c83878f5f1e5227070797408d96ac5b22
SHA512

292005e0babce997e505aa8190032e96f68e204d0b151c75f8a7e3f666bcc3ffa27a964c547c147814ea27389d661537464f1bcf112ab0a206243e7baed63034
SSDEEP

6144:QlXOWacjSlYtr/it/YUg2oNSx/UOIIxFN:RWacInhYKoNAjIIxFN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2768	u.dll
2504	mpress.exe
788	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2644	cmd.exe
2644	cmd.exe
2768	u.dll
2768	u.dll
2644	cmd.exe
2644	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2644	2068	NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe	29
PID 2068 wrote to memory of 2644	2068	NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe	29
PID 2068 wrote to memory of 2644	2068	NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe	29
PID 2068 wrote to memory of 2644	2068	NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe	29
PID 2644 wrote to memory of 2768	2644	cmd.exe	30
PID 2644 wrote to memory of 2768	2644	cmd.exe	30
PID 2644 wrote to memory of 2768	2644	cmd.exe	30
PID 2644 wrote to memory of 2768	2644	cmd.exe	30
PID 2768 wrote to memory of 2504	2768	u.dll	31
PID 2768 wrote to memory of 2504	2768	u.dll	31
PID 2768 wrote to memory of 2504	2768	u.dll	31
PID 2768 wrote to memory of 2504	2768	u.dll	31
PID 2644 wrote to memory of 788	2644	cmd.exe	32
PID 2644 wrote to memory of 788	2644	cmd.exe	32
PID 2644 wrote to memory of 788	2644	cmd.exe	32
PID 2644 wrote to memory of 788	2644	cmd.exe	32
PID 2644 wrote to memory of 964	2644	cmd.exe	33
PID 2644 wrote to memory of 964	2644	cmd.exe	33
PID 2644 wrote to memory of 964	2644	cmd.exe	33
PID 2644 wrote to memory of 964	2644	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7B57.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save NEAS.97795dd4d1689c0e33137388cdf9d9d0_JC.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe7D9A.tmp"
      4⤵
      Executes dropped EXE
      PID:2504
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:788
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7B57.tmp\vir.bat

Filesize
1KB

MD5
9b4403c08a38e4757f75ea565b1c2d13

SHA1
2d827f85790d93da5bd4dee807ce41270e21d13f

SHA256
68a7326b8f26b8773b176e2352a3936e66c96ce6779d2d30872d2d02fb1a4476

SHA512
7773e442190b06c85c694adb133cb12b92ecbd37f24b93dbce3cf0707338ac46d9f11018ff66205408cb2c021105bfd6da8629a74efc3960326d620af3c2b9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7B57.tmp\vir.bat

Filesize
1KB

MD5
9b4403c08a38e4757f75ea565b1c2d13

SHA1
2d827f85790d93da5bd4dee807ce41270e21d13f

SHA256
68a7326b8f26b8773b176e2352a3936e66c96ce6779d2d30872d2d02fb1a4476

SHA512
7773e442190b06c85c694adb133cb12b92ecbd37f24b93dbce3cf0707338ac46d9f11018ff66205408cb2c021105bfd6da8629a74efc3960326d620af3c2b9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7D9A.tmp

Filesize
41KB

MD5
2e70c1c3cf76d129ecfe6fd4b3cde5c9

SHA1
99c806cd24b06df8a4c867c83c03aca76ba7c739

SHA256
5fe031696636e8882f9799c33333304ac40f94e904253ce378299ef53bf4f365

SHA512
538127990380a5a18fa5deadde97d642dcdca7431a756d0d4e4481c9e0bdc0ae127c17de86a64b7035165832b90ba60c36d479de50a31c4d552319e5c1052a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7D9A.tmp

Filesize
41KB

MD5
2e70c1c3cf76d129ecfe6fd4b3cde5c9

SHA1
99c806cd24b06df8a4c867c83c03aca76ba7c739

SHA256
5fe031696636e8882f9799c33333304ac40f94e904253ce378299ef53bf4f365

SHA512
538127990380a5a18fa5deadde97d642dcdca7431a756d0d4e4481c9e0bdc0ae127c17de86a64b7035165832b90ba60c36d479de50a31c4d552319e5c1052a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7D9A.tmp

Filesize
24KB

MD5
e33aa3fafb1e80c9b61277a6daff7ad0

SHA1
45624a325ac832233b94c18902ba04e72b353ab7

SHA256
5526173c9cc37a4ff40ea736db2dffd8a4ef0bed65d9308a90cf1ac20a1bb4ff

SHA512
406f96fd420dc775a14330cb38c5b34ab57063846e2db0f26b35fe2a2e4949352d512aed434a25b6900d47bd200c8527278fb76c7afd1ee46ac254d3a91763c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
f1c187b395e909da8088f43ddce3e399

SHA1
6d61a197fe8c38d9a253126691d7389a5b4000c1

SHA256
470c91b9c01b85e713e72264a7038a72991c26f3d4c43d04417f0f67ffab83ff

SHA512
446d48e63764ed2496d125d681e7786b80413cd4df5780ce5775505b438472ff553aeebdd3bd1b24b02e4ec69c89a57902f6762946341883e6f5839a343ff61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
1ce12d0e048282b5b77f4a1a5888f512

SHA1
6fda349194f620a0f8b763e0e0774d398323b585

SHA256
00c6104fbfde044838a04e9e6b1cdf1f6269564e3b3c9805c76f992c519212e2

SHA512
997a7c6b0dd7d5882481de07af18cc2321d9649d5c7732be2ec0e73cea51eeebdf237beb9da99dfc4bb8f3eec760b20ce0e9b9780fa6f1a9b05a5d5323f786f1

Download Submit
\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\7D99.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
58dd14cd6b3f90b0f6bc82c01bcd2dab

SHA1
e496313b7cee401bbf2e0ceb6a0b1824bb5a4208

SHA256
63095a3df5569038746ca2d0553bb438a41ef2ed10c9c9e4a65b5ee861b6e2f8

SHA512
b7d4cdd64eadb5e52901b59b0bf86002d23f431e7ca503e86cb4f30313e05c83ca7619b7565e13f0c3d09395a59df80d27b44fb907afc6b65473b6d616beb1c8

Download Submit
memory/2068-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2068-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2504-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2768-63-0x0000000000340000-0x0000000000374000-memory.dmp

Filesize
208KB

Download
memory/2768-69-0x0000000000340000-0x0000000000374000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads