3809451e784a02426ff7c99b9ab55ece6f8ca678c466b4848ba3e910f06f1bc5

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0177a7655f42dc23ff2a06c42bb5f595.exe
Size

208KB
MD5

0177a7655f42dc23ff2a06c42bb5f595
SHA1

f188f07f4f7bc87a6c05472a6f6c8295edfdb030
SHA256

3809451e784a02426ff7c99b9ab55ece6f8ca678c466b4848ba3e910f06f1bc5
SHA512

281117a11a1bd667529466c55dbf0b1b29aeedffd42f5c417446af9d2b97526628ba410bc7415e810e03abdb928b1f635fde98fe2812f81bbf6f0cf5ac44c6f9
SSDEEP

3072:elda/B0IvW+gnfLWmmu44ckl3+DVEqQb6kRDk55NdBLp9AjPN+DS9TBjHiHmO1v:elda50IMfLm+ckJ+D5WM5Nh6w2j851v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2428	u.dll
2684	mpress.exe
1308	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2144	cmd.exe
2144	cmd.exe
2428	u.dll
2428	u.dll
2144	cmd.exe
2144	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2144	2104	0177a7655f42dc23ff2a06c42bb5f595.exe	29
PID 2104 wrote to memory of 2144	2104	0177a7655f42dc23ff2a06c42bb5f595.exe	29
PID 2104 wrote to memory of 2144	2104	0177a7655f42dc23ff2a06c42bb5f595.exe	29
PID 2104 wrote to memory of 2144	2104	0177a7655f42dc23ff2a06c42bb5f595.exe	29
PID 2144 wrote to memory of 2428	2144	cmd.exe	30
PID 2144 wrote to memory of 2428	2144	cmd.exe	30
PID 2144 wrote to memory of 2428	2144	cmd.exe	30
PID 2144 wrote to memory of 2428	2144	cmd.exe	30
PID 2428 wrote to memory of 2684	2428	u.dll	31
PID 2428 wrote to memory of 2684	2428	u.dll	31
PID 2428 wrote to memory of 2684	2428	u.dll	31
PID 2428 wrote to memory of 2684	2428	u.dll	31
PID 2144 wrote to memory of 1308	2144	cmd.exe	32
PID 2144 wrote to memory of 1308	2144	cmd.exe	32
PID 2144 wrote to memory of 1308	2144	cmd.exe	32
PID 2144 wrote to memory of 1308	2144	cmd.exe	32
PID 2144 wrote to memory of 2588	2144	cmd.exe	33
PID 2144 wrote to memory of 2588	2144	cmd.exe	33
PID 2144 wrote to memory of 2588	2144	cmd.exe	33
PID 2144 wrote to memory of 2588	2144	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\0177a7655f42dc23ff2a06c42bb5f595.exe
"C:\Users\Admin\AppData\Local\Temp\0177a7655f42dc23ff2a06c42bb5f595.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4579.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0177a7655f42dc23ff2a06c42bb5f595.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\4653.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4653.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4654.tmp"
      4⤵
      Executes dropped EXE
      PID:2684
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1308
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4579.tmp\vir.bat

Filesize
1KB

MD5
f3cf2ae06984c67d42d23547720fe432

SHA1
9152ea589e483ad3dd7a34a49ebcebb2ba2cf132

SHA256
c50f3444aea5ed59ac2c9d17984e4b13f94281f8f8236777b86f180f1fa5db5d

SHA512
d18219b8bf8d1522575282e4c07f5efc2ce25e652b3fa20614ae6731a0755717185dc801763f1fece71cce59dc020a40670a7d6fa41e8029ed8c90c15fd8a29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4654.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4654.tmp

Filesize
212KB

MD5
142c41f9151ec9538a0ef9fa1a45fb13

SHA1
d97f9da0b9e9ddbc0b9b581e296af3e78442bd6a

SHA256
f260ad613dd9266ddd3237bad49683362875c1efc2879a8b3b74d24c2d686b2f

SHA512
2c83395ae233b2a75a95caf4bfe8aafe2654a7b54ce834c86e2ea8ab4b94ed236861a0c57d453609944e8e1974b10b1261411a64df7fd10b467bec449218fb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4654.tmp

Filesize
119KB

MD5
b3d1285cc3ab9085dbc64f73d1d3253c

SHA1
8e2e8c0106d7b86bf8962a1cfb595d45ef4677bf

SHA256
8aef467e0904dce97d626323b85166a0728d1df43e1bfb016bbd3b1b42c77faf

SHA512
0342909523414c4c84efb0ce4d548638761593341bc2789e6771427ae2c8937445043328c2eefaa5e9dc000ce52322c8e124f7787cfd3257db3d011a70ee98e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4654.tmp

Filesize
100KB

MD5
72743530aca6768e2bacedc58ca5a411

SHA1
d8e5ea89aca78ba4a6d808ae6715728cd9aacf2f

SHA256
545b6f87302f4391e8782e4c9129570dc56064b294b04827e951c6f27e299873

SHA512
76243718110873a7b8e1248550900c7cd2a27e8082ff204533f4c3a6908445e1ff9f63e4a3b59fccb5d6a7445f059b3fb31f52a250f1e160ed041584d297c260

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
412KB

MD5
58c18c754e1a2d50779aadbbd8fb024a

SHA1
62874737a74cce96ee74354d3cbd14faf53a7243

SHA256
ae10231709441343a08f634ffa832f9c2633da7ade5b2e9a9b3f9e1262e10037

SHA512
8591b204763d1fee38d35c964a11f882b601ab6c430ba6a2ee6f3f814334b7dc08387b425b18e377428d3c3b067977d33c2341ad3e9f672ae313488d51ac295a

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
469KB

MD5
7a375252c90c2eb99b641b378fdb9024

SHA1
7bb8b24bb0e92444de4801de299aa0268cb5068d

SHA256
d91d3db509b4efb6b97a3d4179e04fc5759aece54649a00161f8c71777fce13f

SHA512
9e2f37c163de7cf988a71d03bf817fbe92d26b34a1a9c1a91856bad926963cb038fdaf9f7c3ad41fd024bc38d239008cc9c150cd4b1f524f92ec2231b1077a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
348KB

MD5
e2ddbb0a91866d6b41ec86ce0c35f802

SHA1
cd132c497adb6cfc2b08ad78edfc8b5996732809

SHA256
ef19bec5e666dc6ea4aa76d2d1b3478d397a88fae811c430d59e515f8931602c

SHA512
06ae75bce2fb088fceccfd5d5c49a5fef18e7142bf82b4a877eb6a6d5f4b9dbe2b791ec717d59b687999e983b7f06628e6b66e69e058bb1e21f88eebe95eee40

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
167KB

MD5
44b55c0085028477b008609927eb592c

SHA1
95a4fd7531a1cf70152fe90c93b730956bd738b7

SHA256
c1262b7db6486fbdd7083705698dcfa071bcaa2ae1b1d93a5c0a9deb51d79000

SHA512
f9826f7cab6da0695a2c242285453c0d9c888b1519714653acb4420a923dc24809d7019c192a71b017daf88d9ca7e70ad6ffdf835705bc814f9f4470a81aa3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
79cc1ad01f9488b8d8bb7ea01ad73e7f

SHA1
edb2562b247d1b6cfa14ff4d71caf7a4418c5452

SHA256
fbe0c598d7925cef687696a8deaf9b44d1addc27062b4d0da2fa165028395f58

SHA512
e5762080396a3455e8fb18b87d9bcb3d1983a40b910feb130a5e6945565caad74f3296c440b602ec53261d452c8f43978355f4ecec6be1469e94e66cc828b678

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
58776d132e4937b290767ea08bcb0723

SHA1
e0f9e1f47aa55ec7386a953d166b287f943fb7bc

SHA256
4dc834c461f566a39c950e643eef5692460cf15cec7da88bcd151ce0cff6de71

SHA512
862d06686eb4badadd7abce0d632463008e3062d9dfa79a88de940d2422dd7a18baa3a1bc598f86afd822b2b632a481bcbbd92d0429a63ea3c45df2441df96b0

Download Submit
\Users\Admin\AppData\Local\Temp\4653.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
266KB

MD5
19461d2bea8447eddd7ec50c26eaad84

SHA1
0bb7780ff81aa8c46ac9b6ed4b6fd4bc17bca010

SHA256
6c37dab553c50b57fa16b95b3d126cfbe3ab32c881939e3afa3e1bb4ad8346ee

SHA512
9fbf185ca2a0ffb04e7ce6a6caf679f0f257a287d86ba37ae8c4e7771afa9544435006b28f7b7461ef47b23c55dfe2ee011647c4b5758b53f424d5cf61791165

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
453KB

MD5
c48119cab9e495d266fb3864a9de199a

SHA1
e5af9a1256d78e83bba41d86f0914f986563d392

SHA256
5f5d1afa29dfb554ae6e8fb610598c74e7e60b511c10caedabeae4a48a951a9b

SHA512
2a99cc2a7938709be2eb3218eff1c7866478bb73ee20f00dfcc63b5940b8a5d5569e12280d6d4fa550bef87382a2501305067e82550efc5757b4072d7f719d7a

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
102KB

MD5
8c89e28842e041b5fb73db2a9fd86f28

SHA1
779c698eb9b5b18fe767ed1e27fb73d3d1cd6e38

SHA256
e18b6c824cfb3764d869b5c67e9e1ba1ccbf76042b07e595c6deb53cad51012a

SHA512
f8c58fa6d73498eaef14a7c2e8939a9861dc83b7dd21d853d44c9984c03ded35ba188b388f1045de09003c0ac95abe938631d91b937bfcad52dbcaa7d0014fc4

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
179KB

MD5
1d97f27032b74b5c502b13e4ca03badf

SHA1
10f8fada461d4b6f8e434f63064100886d23dd6f

SHA256
59ec1838eb159550f1269915ecfd3733677096f342245e8af3e523ff42b3ff88

SHA512
5dc014f5ef08d3b6b442213d41dba6dac91bfd4d44f9062b5b3ddab0e0b5bd403a4ccb0252f9b5d03d44dcf3bd2474f283c03856f5928cb62bfa975b9b61f695

Download Submit
memory/2104-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2104-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2428-67-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2428-62-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2684-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2684-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads