b83471e4b4ead8398f939fe9ce0a7c3048f405714e395e43b25d874804f9baeb

Analysis

max time kernel
143s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12e141bb1eac6c68d6a3a336fc89cb82.exe
Size

208KB
MD5

12e141bb1eac6c68d6a3a336fc89cb82
SHA1

59ca04146b665d61f040df26c0681ae6e29276b5
SHA256

b83471e4b4ead8398f939fe9ce0a7c3048f405714e395e43b25d874804f9baeb
SHA512

b6c9d251d9450d77a5a981c38d57ca47846b347baaacb47daa4879cb02f124e69f6446fd8112fb1b1ec48e71fb8e9b54c180e141676ad7ba84a1f95dcdcae571
SSDEEP

3072:JlxuF4BVYKE6tDzU4kflRDAu3NgSJ2+isaKGQcMVxC8MeXPSv4NYn3pjBx:JlkXF6G4Ohdgk2v9KGD8Me/xk3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2796	u.dll
2608	u.dll
2760	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
1972	cmd.exe
1972	cmd.exe
1972	cmd.exe
1972	cmd.exe
2608	u.dll
2608	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 1972	1072	12e141bb1eac6c68d6a3a336fc89cb82.exe	29
PID 1072 wrote to memory of 1972	1072	12e141bb1eac6c68d6a3a336fc89cb82.exe	29
PID 1072 wrote to memory of 1972	1072	12e141bb1eac6c68d6a3a336fc89cb82.exe	29
PID 1072 wrote to memory of 1972	1072	12e141bb1eac6c68d6a3a336fc89cb82.exe	29
PID 1972 wrote to memory of 2796	1972	cmd.exe	30
PID 1972 wrote to memory of 2796	1972	cmd.exe	30
PID 1972 wrote to memory of 2796	1972	cmd.exe	30
PID 1972 wrote to memory of 2796	1972	cmd.exe	30
PID 1972 wrote to memory of 2608	1972	cmd.exe	31
PID 1972 wrote to memory of 2608	1972	cmd.exe	31
PID 1972 wrote to memory of 2608	1972	cmd.exe	31
PID 1972 wrote to memory of 2608	1972	cmd.exe	31
PID 2608 wrote to memory of 2760	2608	u.dll	33
PID 2608 wrote to memory of 2760	2608	u.dll	33
PID 2608 wrote to memory of 2760	2608	u.dll	33
PID 2608 wrote to memory of 2760	2608	u.dll	33
PID 1972 wrote to memory of 812	1972	cmd.exe	32
PID 1972 wrote to memory of 812	1972	cmd.exe	32
PID 1972 wrote to memory of 812	1972	cmd.exe	32
PID 1972 wrote to memory of 812	1972	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\12e141bb1eac6c68d6a3a336fc89cb82.exe
"C:\Users\Admin\AppData\Local\Temp\12e141bb1eac6c68d6a3a336fc89cb82.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4386.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 12e141bb1eac6c68d6a3a336fc89cb82.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\58F9.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\58F9.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe58FA.tmp"
      4⤵
      Executes dropped EXE
      PID:2760
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4386.tmp\vir.bat

Filesize
1KB

MD5
3a2abef736b22d8a4f5bf7c5f534685f

SHA1
ab2b4bd124150f03f77e43b54d9dbb0f20d0ef9d

SHA256
5b9a9438a974b7b1e8e48421cd0833ef4640e8adc418a3b392e8cf73fdae35ba

SHA512
af8e40afa54273f66b791d3c35cc09e4d5ab59c57b9a356515bce620d0844b892dd10935e77d7aa4d2bb70d623c441e1787328555d00cc97ec397970b16007d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\58F9.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe58FA.tmp

Filesize
41KB

MD5
863c72510f3c30b4e2cd208090af8b92

SHA1
3c5a6732c904ba8c3004e257d5008beb5311b7af

SHA256
87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

SHA512
d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe58FA.tmp

Filesize
25KB

MD5
7ff19a32a8549b7585f7c8a7a1d3af14

SHA1
18e657af5ed623c264d5d82fd3b7872b42ab50ab

SHA256
f01a68893988b9c711e4dd51964586ce8661d40d8803a8d75e2597847e38786e

SHA512
4c049553e4635d95e2af999e5153498cfcb94ea3deef7f480cc0f644591e9fbc7287a71ac456963a215f7cd271c855f392bece810194e21c4104a5c4895d4ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe58FA.tmp

Filesize
41KB

MD5
0277cd7069c4c1240145acdece553204

SHA1
a052ea50eefbf28012eaf0185d2ab0d4300ee05b

SHA256
3e04b97d881e41e03f3dea65d045869deb21a552b02f4500810df69ae848e0da

SHA512
782532f418a2b46532e5bfec4fdded923a6a7cafff7356b9898b17d3edb02567585b4fae78cbaadf2f14c8deafdfc4a4b779cf273bd1dc14d9f2327cf244588c

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
197KB

MD5
8c5328169bc4acb58219df8e53a4cc6f

SHA1
fc0b665c7f5703b73ae4977c489dbd8d3763cb6a

SHA256
2583e2c742d3b2152f9763cad66db36a67794252df0393c8369c63b9b3ab0ec9

SHA512
437d1134bd5f7ec81ea28d839612cd669963c8b796db6902a4724861e2e1adad13b5fcc67eea9533494bfcd50ff82b345b4625e15669651bb58b6fc57a90d3a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
195KB

MD5
22d521587a24a7cea503d928f9663322

SHA1
445d41c0490fae890c6e8f0fec7342f7a3949015

SHA256
9bf25d9c6f75c9a19d9e7c7244f93976db9431c542242a54554c55153c396d6e

SHA512
1367fd100980531a1b01e40b4a2bd1b0e7bf7a1b8521f57ccdf28547b5d0825d96e5d1cdfb24e5a5f1fab520032ad077c67c0d09e806ea0c54d1511efa9b22cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
116KB

MD5
152ec7f172f0fbd13622932e7fa18fe9

SHA1
0ea4d2291d0841e22a7c3012ba6c8b7c017008b2

SHA256
5a2aaf869fd1706fcc96afbbb494840293ff93db4669e9765069d9e6134f6b64

SHA512
3328e11200df8dbff51793260825b2cff533e4b1da3d016bb056eb4368238a041701c761c2b7c537d509606b6da457161ef2a5855c90402b5bcd8b0dcf82c19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
319KB

MD5
ee36da96f175a965d1703957e62f4ab0

SHA1
d65b1a89cf905273d4dbc819054e02c6e4fc4ae9

SHA256
6447a3c56ff29645fd967a996e8e6a10d2d3d62f68dc8a593d1f655e889fafd2

SHA512
a4c526b83e498dc2709e28b9b75c60bc30a208120872faf2168ba99550b2645b2a851e8e6428bf2cb8def1a35aa9bfc9087b7048b81b5c1db0f3a21475dd22f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
18e3c2f1fde02d4771d5d43a983838d2

SHA1
bcf40857f8277ce2b7e2b560baff898152131d0e

SHA256
f4604cae6e7a75edc4abd478b30400df2ae928e916b9c579d55dac0b9474d0b7

SHA512
b68998e7940400c1a23a5be4b7547b3b389a3d2bdce198fc839cd9ba0310158a860f417b6256f7ba9b48266a55e808779a5d4f61556d2a7cd466bc3ed42a7516

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
f77ef2261bfc3018534a4b1c23aa0dd5

SHA1
5e0d30b6053e8fa93bae5b182a065d6902641227

SHA256
70458313d112f9bcb86ec1a9b57bf7cb9badd0e812146c8b113c39ba255b7119

SHA512
9d5179aa37e643f35dcaae7551c4d58d794134e64b5b72f9224167805e5901e5bb2689efeb389d8cd4c682b22506797b3d9573dcd09ea6186b98a3c6eec2ea42

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
162KB

MD5
9fc255a1aba086f26aa6dd931d9fa024

SHA1
c5f4b64c1c0cf74f91a7881795dc0b2d26215cb6

SHA256
f22b2992823b9d9e0dd1e110133b25f00fddd7be35493ca628668e33e8e7eb5c

SHA512
eb20f693cc3f4e2f2dd0d8e270c971c43d4f1877759ab06f7febf6cbaa229c5ab2ef8722e22df8827e013048ac305eb66a14b8db2d45f1d4dc2d27fee16c2d30

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
213KB

MD5
8276ae54e3680117bfc06ace678e9b15

SHA1
fa56a4430575d51879f09a2cf372355c93d81770

SHA256
f2d2cd0b8b612369a176b596ac6d2077c79c3ef522c93c7d63fa82d917ffaef0

SHA512
46c188d811d7254ad4bad50926e8597b3fdce4a53552683f0788444e39595d9a938a0feea9c202987ea1083bc1a2ee59e6b8a49cfcfeaa4278067253be19d341

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
268KB

MD5
c315ef238f96395e6bafab753bd39977

SHA1
98b17f160eefcb996713e215af48a47d8c482385

SHA256
56a34252f9b774358b25f5b690159c2993d3c24c5f7b4bcd1bbb554776e1772b

SHA512
6a588cc43876e5ba67b763827b908b7e52a8da8d1527fa46b8f8fbdc486e370f9e0a8301f4731db4435a73d046e19a3c62a5d5c5903e3c9782bbd40f59d65d30

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
244KB

MD5
15241aa45e3e533f384ed308bbf1eff5

SHA1
57d3cbe54aafdae05629bd2f969b93e0b48ad0ae

SHA256
fa40c57e7bfad314a536d49c886aeb3f9d2cf99cd10e0a8c0dccecddd2aac120

SHA512
c7a73a230a5fbbe81d1518bcf38bd44b8117c370dc90ecccd9fcc7816a288ffd3b50c10c07342231d9b442121715cbb3bcaa36757fa140c167826f686331b632

Download Submit
memory/1072-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1072-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2608-97-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2608-93-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2760-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2760-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads