eb414e1be821fd0841cff7b2f6eddcd809381f2421e360939081503f12622a28

General

Target

1bc296505ad5347e2952423e43eaf2c2.exe
Size

209KB
MD5

1bc296505ad5347e2952423e43eaf2c2
SHA1

183d36e5f462dbf8edf0514f9aabe35209a4a0c9
SHA256

eb414e1be821fd0841cff7b2f6eddcd809381f2421e360939081503f12622a28
SHA512

7b5ebe1f8487f853b0844d0570226f8f6b6758d613956420ce536a5618482116ef0007e3655dcc478101225bc9f6ce14fac2080d09ca42eae0804599de485b50
SSDEEP

6144:Dl9ckdy8eksuzWm8FmRBYE6C9uNB1k7fgC:vcmy8eklzWmE71kj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2780	u.dll
2580	u.dll
2524	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
3060	cmd.exe
3060	cmd.exe
3060	cmd.exe
3060	cmd.exe
2580	u.dll
2580	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 3060	2620	1bc296505ad5347e2952423e43eaf2c2.exe	29
PID 2620 wrote to memory of 3060	2620	1bc296505ad5347e2952423e43eaf2c2.exe	29
PID 2620 wrote to memory of 3060	2620	1bc296505ad5347e2952423e43eaf2c2.exe	29
PID 2620 wrote to memory of 3060	2620	1bc296505ad5347e2952423e43eaf2c2.exe	29
PID 3060 wrote to memory of 2780	3060	cmd.exe	30
PID 3060 wrote to memory of 2780	3060	cmd.exe	30
PID 3060 wrote to memory of 2780	3060	cmd.exe	30
PID 3060 wrote to memory of 2780	3060	cmd.exe	30
PID 3060 wrote to memory of 2580	3060	cmd.exe	31
PID 3060 wrote to memory of 2580	3060	cmd.exe	31
PID 3060 wrote to memory of 2580	3060	cmd.exe	31
PID 3060 wrote to memory of 2580	3060	cmd.exe	31
PID 2580 wrote to memory of 2524	2580	u.dll	32
PID 2580 wrote to memory of 2524	2580	u.dll	32
PID 2580 wrote to memory of 2524	2580	u.dll	32
PID 2580 wrote to memory of 2524	2580	u.dll	32
PID 3060 wrote to memory of 1020	3060	cmd.exe	33
PID 3060 wrote to memory of 1020	3060	cmd.exe	33
PID 3060 wrote to memory of 1020	3060	cmd.exe	33
PID 3060 wrote to memory of 1020	3060	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\1bc296505ad5347e2952423e43eaf2c2.exe
"C:\Users\Admin\AppData\Local\Temp\1bc296505ad5347e2952423e43eaf2c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7C8F.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 1bc296505ad5347e2952423e43eaf2c2.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\977F.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\977F.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9780.tmp"
      4⤵
      Executes dropped EXE
      PID:2524
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7C8F.tmp\vir.bat

Filesize
1KB

MD5
5d75f943d5be946f3182fdaaa2b0a9bb

SHA1
aa76dc480049382be4c919a1a496a60efd436cdc

SHA256
f03362656677e7e252b11b78136dc6d6617420bfac099016c3d61b5f0514d78e

SHA512
98e6e3a25b073104baa451d3b185e03ae3fa8b1fbf6e817f003f38bce6ad518359806a7593e307b4690283c51aaf4d0713767592e6ab52dbcf5aabc5517c242a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9780.tmp

Filesize
24KB

MD5
ff875d59adbd73ee874b08295fe3a154

SHA1
0d3cca10c250c5b9b0c04981f2068b6ab16165f3

SHA256
3b2c762e0854eec4a1bfa87e688ea1c95e3e5fbaf24968815ff4e0a518f8a822

SHA512
2b058d8b02cf68ce4d3e6029cfcfe68cad618c3f0761973de47b669f3fd9140177b89740bfb37cf55fcbf2d416faf530e7ea34fd446c0e3202b508eac104be68

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9780.tmp

Filesize
41KB

MD5
34c413a874021691b852f8e370987807

SHA1
23953e31264901013c50d21f52bbe9a38f5e3b73

SHA256
e3adec6e3a280977d75216a5c6ffa38a2fe128fb6c91c2d33cf30bfdf7a1afb2

SHA512
01a585ebe91fab0c3c4f9d1577932399408ad837404de3e1e7bf6e2923e9d2d25094e2be317a5b3b8fb31916ed213f94e3fa9339165b2cdc931156e478ae1252

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
83487666be316a39faef6e3dc9afe669

SHA1
b4e1bfe112a461f3ffbe014eb1da46ed5b06fd5a

SHA256
7a65383d268c9b8d3c2b9b7d9b048bc4763ce217ec51301167f9043c4deaa024

SHA512
144fb6062054977d70910ba15dbace6bbc1bcfe7efe495e81eabbce5b2b509250f63ef3aa5b03c7ad77037c921f201cdc07a0d836c5c5edcfa6d309725a71972

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
020d366301ae2ee80945b76473ce946e

SHA1
9c0c5e79b07eb4b432501f2a606a02eb2c5a78e7

SHA256
d4d2afce591fe7408ac184a41724f9366e131238d42fb98e58a5356dd068312c

SHA512
ee3e00fd16423bf7bc294d073ec04ba24b4ef04bd59e8fd8b3ddd7f2db0c6d060f3d0506912e7f13e6e0e5de5630eb2a684ebc552f151a9ac54865239d043dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
66373cc4e56cc767a1ad978767ed559e

SHA1
85e2e2d300b31f9205f9871a8710720ec81e594c

SHA256
e79233c3fcaf0f7456813112f534ae3a4d8b03cc6a31d9095c6398b39496b8fa

SHA512
ff3191d39c17b12760893558e25e49bab2f05c0b68389bec5238ac97c7dee4fff672af44a0a32cce7b255e8268301c69ce90eae579282e8b8b01cc0695d49013

Download Submit
\Users\Admin\AppData\Local\Temp\977F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2524-101-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2580-90-0x0000000001C50000-0x0000000001C84000-memory.dmp

Filesize
208KB

Download
memory/2620-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2620-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads