3d707a5879b188d1e64cb8e1d72514d12081bd9188006057d4dc95c3e29edebf

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:08

Target

3f0eeb128d467aa69c3ee8afceb4206c.exe
Size

208KB
MD5

3f0eeb128d467aa69c3ee8afceb4206c
SHA1

20b19a17a689f25b611ead0c6dacdbe922a2c204
SHA256

3d707a5879b188d1e64cb8e1d72514d12081bd9188006057d4dc95c3e29edebf
SHA512

6e0f80a1ba9c57f54138f583339da120210b1b8d09967456d43545882a36e33c163f3f104ca77503b01642997e1e991ab9f2746f3177bbc94c2459a18e39309b
SSDEEP

6144:VlGRgXm15iT5EvNjIrhgUNQYqovv3UsnoZKC:mv1LvurhgUNQZovss

Score

7^/10

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1748	2188	3f0eeb128d467aa69c3ee8afceb4206c.exe	17
PID 2188 wrote to memory of 1748	2188	3f0eeb128d467aa69c3ee8afceb4206c.exe	17
PID 2188 wrote to memory of 1748	2188	3f0eeb128d467aa69c3ee8afceb4206c.exe	17
PID 2188 wrote to memory of 1748	2188	3f0eeb128d467aa69c3ee8afceb4206c.exe	17
PID 1748 wrote to memory of 2172	1748	cmd.exe	16
PID 1748 wrote to memory of 2172	1748	cmd.exe	16
PID 1748 wrote to memory of 2172	1748	cmd.exe	16
PID 1748 wrote to memory of 2172	1748	cmd.exe	16
PID 1748 wrote to memory of 2612	1748	cmd.exe	33
PID 1748 wrote to memory of 2612	1748	cmd.exe	33
PID 1748 wrote to memory of 2612	1748	cmd.exe	33
PID 1748 wrote to memory of 2612	1748	cmd.exe	33
PID 2612 wrote to memory of 2584	2612	u.dll	32
PID 2612 wrote to memory of 2584	2612	u.dll	32
PID 2612 wrote to memory of 2584	2612	u.dll	32
PID 2612 wrote to memory of 2584	2612	u.dll	32
PID 1748 wrote to memory of 1424	1748	cmd.exe	31
PID 1748 wrote to memory of 1424	1748	cmd.exe	31
PID 1748 wrote to memory of 1424	1748	cmd.exe	31
PID 1748 wrote to memory of 1424	1748	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 3f0eeb128d467aa69c3ee8afceb4206c.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2172

C:\Users\Admin\AppData\Local\Temp\3f0eeb128d467aa69c3ee8afceb4206c.exe
"C:\Users\Admin\AppData\Local\Temp\3f0eeb128d467aa69c3ee8afceb4206c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\2A8A.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\2A8A.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe2A8B.tmp"
1⤵
- Executes dropped EXE
PID:2584

memory/2188-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2188-109-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2584-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2584-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2612-93-0x0000000001DF0000-0x0000000001E24000-memory.dmp

Filesize
208KB

Download
memory/2612-91-0x0000000001DF0000-0x0000000001E24000-memory.dmp

Filesize
208KB

Download