9a6d61d1b9992da6697e135c6e3de055e05601069698d3d699df8893ae48b001

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02458ff125eba314fde118e81d0c97c4.exe
Size

209KB
MD5

02458ff125eba314fde118e81d0c97c4
SHA1

4369ca97e3e1363b2ae6afe184ee67e7f3bef72d
SHA256

9a6d61d1b9992da6697e135c6e3de055e05601069698d3d699df8893ae48b001
SHA512

bbf7589a86bf1cd8bfd6ab6628ee146de39cd85e11625100ea29cf90892d17284646ad7be49b08d2a6bed39642a462f3485deba46ef336c8c83d2cc0ffe79c03
SSDEEP

6144:Jl2/rrcKCZaT3uxL6psgj8DnwyQv747g0wmpoZW:+hcarWLMsgj827YDoZW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2924	u.dll
2556	mpress.exe
2000	u.dll
2912	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2832	cmd.exe
2832	cmd.exe
2924	u.dll
2924	u.dll
2832	cmd.exe
2832	cmd.exe
2000	u.dll
2000	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2832	2124	02458ff125eba314fde118e81d0c97c4.exe	29
PID 2124 wrote to memory of 2832	2124	02458ff125eba314fde118e81d0c97c4.exe	29
PID 2124 wrote to memory of 2832	2124	02458ff125eba314fde118e81d0c97c4.exe	29
PID 2124 wrote to memory of 2832	2124	02458ff125eba314fde118e81d0c97c4.exe	29
PID 2832 wrote to memory of 2924	2832	cmd.exe	30
PID 2832 wrote to memory of 2924	2832	cmd.exe	30
PID 2832 wrote to memory of 2924	2832	cmd.exe	30
PID 2832 wrote to memory of 2924	2832	cmd.exe	30
PID 2924 wrote to memory of 2556	2924	u.dll	31
PID 2924 wrote to memory of 2556	2924	u.dll	31
PID 2924 wrote to memory of 2556	2924	u.dll	31
PID 2924 wrote to memory of 2556	2924	u.dll	31
PID 2832 wrote to memory of 2000	2832	cmd.exe	32
PID 2832 wrote to memory of 2000	2832	cmd.exe	32
PID 2832 wrote to memory of 2000	2832	cmd.exe	32
PID 2832 wrote to memory of 2000	2832	cmd.exe	32
PID 2000 wrote to memory of 2912	2000	u.dll	33
PID 2000 wrote to memory of 2912	2000	u.dll	33
PID 2000 wrote to memory of 2912	2000	u.dll	33
PID 2000 wrote to memory of 2912	2000	u.dll	33
PID 2832 wrote to memory of 2512	2832	cmd.exe	34
PID 2832 wrote to memory of 2512	2832	cmd.exe	34
PID 2832 wrote to memory of 2512	2832	cmd.exe	34
PID 2832 wrote to memory of 2512	2832	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\02458ff125eba314fde118e81d0c97c4.exe
"C:\Users\Admin\AppData\Local\Temp\02458ff125eba314fde118e81d0c97c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\85C3.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 02458ff125eba314fde118e81d0c97c4.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\86FB.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\86FB.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe86FC.tmp"
      4⤵
      Executes dropped EXE
      PID:2556
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\8B8D.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\8B8D.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe8B8E.tmp"
      4⤵
      Executes dropped EXE
      PID:2912
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\85C3.tmp\vir.bat

Filesize
1KB

MD5
0403410f98971ea3c60759b29dec7f3b

SHA1
baf365c38b8785b932621a7a87e097e21b7a0ff9

SHA256
4135f4cbcf975e0caf98e07ea9dde3c9f102f0e90bd24f7aae6abec8ac73aac7

SHA512
b8596a1dce2507c124c6d91fa748d02d16427df29338c38d60fab438cf315aba5ffe4998b225b4bfc25678cc07b32ea2f3ff99552140947fd298e1ec18327b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe86FC.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe86FC.tmp

Filesize
741KB

MD5
aea75bfc82b0a1aadebb43e53880aa76

SHA1
7f8faf1b105a7a1475f4d9b2046cbf283d43a592

SHA256
a8444935176ac2c6f3e694d19f0c8bdd6511e744d60c03d0f318587ec377e060

SHA512
0d0f0944b743f0e982c63f1e5952f7575ce3ec32248a2663f1fedfe0493a9d5d4b30bc69aa333885d4beedc2a7915fc02afd537b2b7998346c43e69ce579e935

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe86FC.tmp

Filesize
207KB

MD5
5df897b976a27ebc234d63586ab986aa

SHA1
e509e9875585df62ae8938f6a1a94d32779b5cca

SHA256
0a3f588c57f49661ba07c2e17560aace7ec09bd1621721015adc0f1104f9e0f8

SHA512
16efee184f76ee705fddc7aa36e6aba5b035473df1f1be914e1ff6613dcee914abad519136ba41151a40f47cff54d8fd47ba1c3abaa386f029bb834156f71f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8B8E.tmp

Filesize
43KB

MD5
58afa48057342c92b6d830d8ad98c8cd

SHA1
2f92a578309738a4d58eeb1e6e13ee2ca36b5b89

SHA256
f5540e09125c9a11444075ad8ec88d77f12596432c2c61eedeb1f713ac461540

SHA512
20f5e5c7d1c92817994312a2e03336d591ffb6ae0f50f486cbc8ebe610649e88f74cfdd636199fb4f768c16c24c8c5d4947acc414a460ce34534274258fd85a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8B8E.tmp

Filesize
25KB

MD5
2ceefb3488a3afecc49ead51efb549a9

SHA1
7e7bace263b10615a737478f3d270e22ebf4f174

SHA256
1d2477851c21971cdb70a92a029cae4e9767deaef6b3c75cd7e7d486a052e444

SHA512
b97189d1c9a4d1e017373a0c49f5d4c5cad8c8d4423ac00c5ef02fafc4780df3c45dff0d098b0aec90b8083729ace251559a42f0ea53452f88e1a1888a865aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
9ea19135c5f4066ec4b4d174e449a048

SHA1
e660123c8bdb78bd462f4409775cc001fcb48a82

SHA256
33480a20d4109e995a5b40b5185dbe50175489aa235675938bcd526b9a5491a8

SHA512
49983b1b29c84bf03f43f93d378f81da38ca3c07b5070ca0d9e0f0fdec3312fedca114a35443b1df4fde31c7396fa88a534da1280497b857fc32ef88ecd019c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e33828032287598226b7b49b69173ee5

SHA1
4f63a5c2f4f0c21417d537b58294ec40fd9bad0d

SHA256
4ed6273e1af906bc59a3f909e916f08da14c4254d91d3ac783751eef83f0ac04

SHA512
de825c54efd0025973f2c974d7c757409f1472d4970f08b541db541fd2353d3b73f32943b89e5f3c94392d117331efe55d152fa3bc0c014515ec00a03524d053

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
cf7ee5a1d0d61f056d457735f798ce4a

SHA1
388730528df908621e4580413cec378ac8df5bf0

SHA256
456f05f26fb5911e303dd0311c652e327f788997f573b2d905edd30799999c7a

SHA512
cb614b9bb2f7d03d24052054ee43637c6cc3d2d1b0153f87f3fb70c4d444ee41db0fdccbdfaeb2545f130ea5e1ce4a11cb3582f8e1513a06ffc17068e7efe23e

Download Submit
\Users\Admin\AppData\Local\Temp\86FB.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
192KB

MD5
f41d53d2c18047a6f671f555c695382e

SHA1
2ec570ad2ae38ccfa6bd6bc8276af3411dabf102

SHA256
557df516e26bf2e6e9eb6cd72849d7969ba6c476bca74a94d16f233595d52b05

SHA512
09c91210aba54d2ac0369368f83500b4bdf99d89fb282fc911f42c5d021dcdf441d2605651fc9bbe8e8f4ae354265ac2fb6244e53b5e0827fbff1983abc68ec7

Download Submit
memory/2000-142-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2000-140-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2124-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2124-159-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2556-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2912-143-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2912-148-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2924-67-0x0000000001EC0000-0x0000000001EF4000-memory.dmp

Filesize
208KB

Download
memory/2924-62-0x0000000001EC0000-0x0000000001EF4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads