e330f9246a677abaf2382307c5e18147d6c208397bc4cb1104f57921413ba693

Analysis

max time kernel
153s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0dd07cda261348fb6a5362e75d0afb19.exe
Size

209KB
MD5

0dd07cda261348fb6a5362e75d0afb19
SHA1

1321a9d4b14d1f80c26aa01bc8ecd26888da0532
SHA256

e330f9246a677abaf2382307c5e18147d6c208397bc4cb1104f57921413ba693
SHA512

f9a82a4c282ffe7736cdae5d9f1350108e1b202cdc771dfeb34c1037760a7edd02ef88e399253973b7f732441307685c53b32d5e17ba905b50fac81a8f69ed7e
SSDEEP

6144:Gldbtg92f5FHa2agfQA0cJTC6SsV4U0jsxk38ozds5F9:eb+92f5FHRYA51LDqWk4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2984	u.dll
2112	mpress.exe
2944	u.dll
2488	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2796	cmd.exe
2796	cmd.exe
2984	u.dll
2984	u.dll
2796	cmd.exe
2796	cmd.exe
2944	u.dll
2944	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2796	2812	0dd07cda261348fb6a5362e75d0afb19.exe	31
PID 2812 wrote to memory of 2796	2812	0dd07cda261348fb6a5362e75d0afb19.exe	31
PID 2812 wrote to memory of 2796	2812	0dd07cda261348fb6a5362e75d0afb19.exe	31
PID 2812 wrote to memory of 2796	2812	0dd07cda261348fb6a5362e75d0afb19.exe	31
PID 2796 wrote to memory of 2984	2796	cmd.exe	32
PID 2796 wrote to memory of 2984	2796	cmd.exe	32
PID 2796 wrote to memory of 2984	2796	cmd.exe	32
PID 2796 wrote to memory of 2984	2796	cmd.exe	32
PID 2984 wrote to memory of 2112	2984	u.dll	36
PID 2984 wrote to memory of 2112	2984	u.dll	36
PID 2984 wrote to memory of 2112	2984	u.dll	36
PID 2984 wrote to memory of 2112	2984	u.dll	36
PID 2796 wrote to memory of 2944	2796	cmd.exe	33
PID 2796 wrote to memory of 2944	2796	cmd.exe	33
PID 2796 wrote to memory of 2944	2796	cmd.exe	33
PID 2796 wrote to memory of 2944	2796	cmd.exe	33
PID 2944 wrote to memory of 2488	2944	u.dll	35
PID 2944 wrote to memory of 2488	2944	u.dll	35
PID 2944 wrote to memory of 2488	2944	u.dll	35
PID 2944 wrote to memory of 2488	2944	u.dll	35
PID 2796 wrote to memory of 1756	2796	cmd.exe	34
PID 2796 wrote to memory of 1756	2796	cmd.exe	34
PID 2796 wrote to memory of 1756	2796	cmd.exe	34
PID 2796 wrote to memory of 1756	2796	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\0dd07cda261348fb6a5362e75d0afb19.exe
"C:\Users\Admin\AppData\Local\Temp\0dd07cda261348fb6a5362e75d0afb19.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\DC89.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0dd07cda261348fb6a5362e75d0afb19.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\DD73.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\DD73.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeDD84.tmp"
      4⤵
      Executes dropped EXE
      PID:2112
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\E0CE.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\E0CE.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeE0CF.tmp"
      4⤵
      Executes dropped EXE
      PID:2488
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DC89.tmp\vir.bat

Filesize
1KB

MD5
f9b5f1758f9a5b8487600f539b20f846

SHA1
d67371fde34480fe04d12917503314f0178cdfd4

SHA256
1e219ac1adfca40a304d6c192a78e27110e0e6ebe72e057f1f049971e5e97418

SHA512
6af904525354c68954b55899bef37e6b4981abbedc53c943ec8148100037fcfd07dfdafc0b33b07ddb4ed2b02b2be7d87d274dedcbd3811f2cab988e713bafc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDD84.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDD84.tmp

Filesize
358KB

MD5
43835cf7b5c460698b40619ae9b6b3ba

SHA1
c7e3be3db56d2e057dc75132fc098f0947191fad

SHA256
9e81891ace4ce34bd15559d498f7436c2f76d844d42bb534dac70bf29a45e6e4

SHA512
2ba6bd28fab9efa553702631dc7ff26c465e0a94517f73a3316e278f10451c02b90c062e5185bb75e3b4a92d144d6e9d2e3b7574651f910a84826361d2dd324a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDD84.tmp

Filesize
207KB

MD5
da57bbddd0661af2c3287ff15ad88345

SHA1
b1f0b70f3dc5bb233ef385fd7079df08869c8473

SHA256
385356f090c7891009184c6ea1a1070c8573a650559009cd2ed9c3b3793c1c32

SHA512
4880b531a6826e573bb2e0d7a579d731caf72d83aa681e905ca689979d12edfdfacf611397bd8fb502fbe60ded27662e30be173fb39c91e6e266cbcfa99e4c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDD84.tmp

Filesize
207KB

MD5
9125af36bbd8f8c1a81ba1f96eb5ff91

SHA1
9d76ec3f2a7f83f1d147725268c51115af356aaf

SHA256
92203e0188b931ee9fd48d31b07409836c67e01ee0c02c85c41f3aceae8d1b24

SHA512
c7812cbab8447d8d0a7dd59ca8936a407b1b2a5ab2203e9c626966c5ba5a70ddb4ca4ee66e7a711fcca4bac1e0a11a0b3b5db142ef01d23cda2380ba1ac334ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeE0CF.tmp

Filesize
43KB

MD5
2a858904b4c50e691c16b141bfc6709e

SHA1
814bc19cd706acbd9246218e562b9d3fea654b77

SHA256
121ac5925a6a3d8644ba1faf781403d7c24a9c703c52657af33a9ee8a4b29069

SHA512
05c06fc7a31f21d72ac4fe815c07071db29b667d2fb195b3ac310c1e993d8e5d2d86d1352237980cb2b0a7f33b3b25c21c6f633c6fb56959257aacade8d30b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeE0CF.tmp

Filesize
25KB

MD5
8f99f4e8a5dbc439cc2ffaab5541284b

SHA1
b96c5033e7af9b894c3c621645f4be71af42bc7b

SHA256
c295b5fa03ae3f5252ee6e08242372f04d5f55d4a527a997471af3a6b9de320a

SHA512
87ab043ed7f09098066926e395f7663364075bf7f722e53b7b0367b3ddb8106191b860d0b2651fdd3aa840b5e853b01d9f69e56802917b19cad910cb41d11de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
302KB

MD5
e1ee48278aac7024dbd6f9eb235cf60b

SHA1
161fe1a3cf992637dbc5c0f20c4d0abd89493a61

SHA256
7a87a640b3d8c83ed7218452f85d3140c9adc2740a56e54c0682dec6fb0a0ac0

SHA512
d238f3698dd9dc9bfef32784f1da7a6b2a2502b962c411d27becdeea02330f794bd999c52aa359d8ea3b6346e372417627bf873ad222ea64b986e71b9c7d3a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
125KB

MD5
c82469654244b3b2f033962fa9001a04

SHA1
62c6b1448d1c515ab127b6edf6c796128f66c3fc

SHA256
ebf5b0d384701a5bfa7c1e2b40ae07a637099bc13029fd37906f95ddcd09cb5c

SHA512
0c89230ffe0504bd7a3fa59f48c9cfc07a31158f7f1ab7b7578965adeccf994bfc2623f804d008e4cf256e1dd51071ef3f08e1034a3168e55686b9ad80d47046

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
83KB

MD5
111151f24d920c714f08c2c04b74bf47

SHA1
aed4fb738c872720341e0551b49bba2dca08dde9

SHA256
40a0cab8506ed7682e4d37240cee58763ee593742cb7be885ba7495bda317a06

SHA512
e88f05abba194117fc4fa9e884a339cb6d1ce41b24f1b6e8645cf46795cfece983c9494c92c1f2bb249247168666c5ef42fb3978724ffcf8230a3bd4901a33da

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
265KB

MD5
c0ee3b669dac578586eee07a3501fb74

SHA1
a2d679c12404fc9c95522f33160472e986d15597

SHA256
0791350cae9f196f3822108a387b380cdf857e45b4e7f854920581a9a2de5940

SHA512
b3855d3b25010cf26f783bed5484e61b54d0e3da2a37cedb5c26bbb7113afa00b186dde3c9ecda28bce7cc0a75384d102e59f82cc4a7c813ac80472c3b7a745d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2069811161d886441189d548dc251d38

SHA1
608868517308fc72d85c21bc3d83dd32845d51dc

SHA256
16caa7648e60614d840cc6f15c9aa95565e6452da7f530b05322ec34074a36d6

SHA512
3724269a4e7d4f07e663b112165dbe855e950d118a3cf79487bbe1c56ee63da8e79d859dd6c85df3511a68ce5560c454259a4f0c665eaeba9e5b01961f43812f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
4dd9f8069dd49b13d4a3ac4c7c3428b9

SHA1
978d3163aa8b716fc153eb679e9c3aba0fdcf739

SHA256
223e62294eb4b86cc1547704cd28c8680f575991c6055849859a2ab77394bb66

SHA512
14666b6c2230bd48708ca322df94675a407dc839ea70c8b43b3bbe5f47ebba26f3c12ed4f4a097e62f4ccc7e0fae9bf274b85d08bd29c2a654d03a41907cd79f

Download Submit
\Users\Admin\AppData\Local\Temp\DD73.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
96KB

MD5
631fa12df792316e9a41c84926e6ea8b

SHA1
6568014a023e912c81441289505a67ef07773299

SHA256
9d502f4e197210589747476e0008a06b8d1f5527b27d9bfb488a3dd6ab78fcdf

SHA512
6c05d9d2d699fb5e4c3fa5e1bd9f78fe02b391951265ac754f7d32063a1c59894ab9cbf55d6d6807a8b6bb5f0017fb3b78fc7b2b576268957597f239b1335ec2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
133KB

MD5
00223d8b0b87a5639f206ddb0c9b0034

SHA1
74f8777f23f050614f9d1e317d03bf8c29153971

SHA256
dfd913e8bfb6c9917cf4fd30d0301da9b6641a20e1545985aae23ab5d0730bdd

SHA512
43218d3d15896d913b9c5cb749f305f49e7a4b0ab201b010b0d6fa6c2abe9c2f76dd0368b3bbb4840821fca2150200c0f7fdb7d2db6d4f20d1ca059c06d32f1a

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
memory/2112-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2112-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2488-142-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2488-147-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2812-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2812-157-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2944-140-0x0000000000380000-0x00000000003B4000-memory.dmp

Filesize
208KB

Download
memory/2984-66-0x0000000000650000-0x0000000000684000-memory.dmp

Filesize
208KB

Download
memory/2984-70-0x0000000000650000-0x0000000000684000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads