Analysis

  • max time kernel
    142s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 04:17

General

  • Target

    04c874fe020aa6a4b23bbb8d5cdb2cc2.exe

  • Size

    208KB

  • MD5

    04c874fe020aa6a4b23bbb8d5cdb2cc2

  • SHA1

    d914a0e2e687f47efecec1a00dc8f3f44f81a89f

  • SHA256

    bb78d652d9dcc275e0c57003feb2e59aa88cde6dd485838cbb26c94196005613

  • SHA512

    96ec45011b4657f4078d1c3be51d2f37e3c6ebb03f5f79ee1990450d14bf5b47b12337d7ea1d734d738cf6f48f0df6e642c3da9fc4cffe4068e92c255cd524aa

  • SSDEEP

    6144:5lkXIuyMYQaXov/5jMfqJGFQrtaa6n3jnL2OsLb:YXIfl/XSjYPX7LJC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04c874fe020aa6a4b23bbb8d5cdb2cc2.exe
    "C:\Users\Admin\AppData\Local\Temp\04c874fe020aa6a4b23bbb8d5cdb2cc2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\9972.tmp\vir.bat""
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1700
      • C:\Users\Admin\AppData\Local\Temp\u.dll
        u.dll -bat vir.bat -save 04c874fe020aa6a4b23bbb8d5cdb2cc2.exe.com -include s.dll -overwrite -nodelete
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Users\Admin\AppData\Local\Temp\9BB3.tmp\mpress.exe
          "C:\Users\Admin\AppData\Local\Temp\9BB3.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp"
          4⤵
          • Executes dropped EXE
          PID:2792
      • C:\Users\Admin\AppData\Local\Temp\u.dll
        u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
        3⤵
        • Executes dropped EXE
        PID:2560
      • C:\Windows\SysWOW64\calc.exe
        CALC.EXE
        3⤵
        PID:1036

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\9972.tmp\vir.bat

      Filesize

      1KB

      MD5

      085d1a0bd7ac3a07a52efce6f60b1667

      SHA1

      2802b4be7df6b882c5aa508074946f78a9c022a2

      SHA256

      76ecbd5d64212d1081d0eb4b4ae9efa97ff500aa1cb0b7b843a9cad4ef11245f

      SHA512

      78f4c3b26e4c534ae45d43a91d1cd7006cf9b0b622a5192dd4e217983e0c35e3903eedf5ec4ade1b32f29b31b37bc96eb15614f2e021a3fe170a03cda08a04b9

    • C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

      Filesize

      41KB

      MD5

      863c72510f3c30b4e2cd208090af8b92

      SHA1

      3c5a6732c904ba8c3004e257d5008beb5311b7af

      SHA256

      87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

      SHA512

      d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

    • C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

      Filesize

      41KB

      MD5

      0277cd7069c4c1240145acdece553204

      SHA1

      a052ea50eefbf28012eaf0185d2ab0d4300ee05b

      SHA256

      3e04b97d881e41e03f3dea65d045869deb21a552b02f4500810df69ae848e0da

      SHA512

      782532f418a2b46532e5bfec4fdded923a6a7cafff7356b9898b17d3edb02567585b4fae78cbaadf2f14c8deafdfc4a4b779cf273bd1dc14d9f2327cf244588c

    • C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

      Filesize

      25KB

      MD5

      7ff19a32a8549b7585f7c8a7a1d3af14

      SHA1

      18e657af5ed623c264d5d82fd3b7872b42ab50ab

      SHA256

      f01a68893988b9c711e4dd51964586ce8661d40d8803a8d75e2597847e38786e

      SHA512

      4c049553e4635d95e2af999e5153498cfcb94ea3deef7f480cc0f644591e9fbc7287a71ac456963a215f7cd271c855f392bece810194e21c4104a5c4895d4ad6

    • C:\Users\Admin\AppData\Local\Temp\s.dll

      Filesize

      700KB

      MD5

      e4127ceb5db948172fd241be25b36358

      SHA1

      5a01fa3772c6d27630d50c73fadac9508780c51a

      SHA256

      f3e8cd29180b07115d0d33a3ecf0c542da05680aee99971aa7e9bd2423597f70

      SHA512

      13dd5db60d2faeaee632b62a3c92b323215931250ed8a1513a0af9b92c335dbf4b6c458e266bc08431eccff36256203dc81488e6f83185bdee737eed1a82883d

    • C:\Users\Admin\AppData\Local\Temp\u.dll

      Filesize

      192KB

      MD5

      f41d53d2c18047a6f671f555c695382e

      SHA1

      2ec570ad2ae38ccfa6bd6bc8276af3411dabf102

      SHA256

      557df516e26bf2e6e9eb6cd72849d7969ba6c476bca74a94d16f233595d52b05

      SHA512

      09c91210aba54d2ac0369368f83500b4bdf99d89fb282fc911f42c5d021dcdf441d2605651fc9bbe8e8f4ae354265ac2fb6244e53b5e0827fbff1983abc68ec7

    • C:\Users\Admin\AppData\Local\Temp\vir.bat

      Filesize

      1KB

      MD5

      4868162f3b5a8d50d3b626419f6c2c5b

      SHA1

      9647c0fced47739b5bf1e5a832de936590694105

      SHA256

      9bb9e9400feaaf7eb9f0cd53889158756290442e304a79a91b846e38446927ec

      SHA512

      e1c6d88dede2c29f6122dbb15ce8ecbdc57e213c53c4dc1cc045ae0be2c9a83767e7df664d469c4dd237333acb986f64941c981f75d8be8e182fb7da21409638

    • C:\Users\Admin\AppData\Local\Temp\vir.bat

      Filesize

      1KB

      MD5

      d13aa0d77436fec7a34e6657084311ff

      SHA1

      fe91c47cf7686745262839336d7f9c7b38e79020

      SHA256

      63fe5973b61600106b7c3ae7b782746e75cfe2fdb5581ee9bc25a596b25bbbc8

      SHA512

      40affdbb4e27de19ab7c6bbfad176d8b8dec622fe263750ff0e40d0992d8c2f173dfda733a3311ca8872eb2bf94fd68a9e0215eb51b54eaac5b859305c291376

    • \Users\Admin\AppData\Local\Temp\9BB3.tmp\mpress.exe

      Filesize

      100KB

      MD5

      e42b81b9636152c78ba480c1c47d3c7f

      SHA1

      66a2fca3925428ee91ad9df5b76b90b34d28e0f8

      SHA256

      7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

      SHA512

      4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

    • \Users\Admin\AppData\Local\Temp\u.dll

      Filesize

      517KB

      MD5

      cfd1f9755053d0e4b4931ac4631d1edd

      SHA1

      c2941efdaf81f78c599c824d13eeab7fcaab573b

      SHA256

      f4a0ca621ce9a4ef1358cb5b928f8c12d6738d3fc4e64859690f58592c5c94f0

      SHA512

      53cc47637942da8fde39b6950bba51628c582dccf4b2348f602f3092799e6cbafa3cb3e844ccb63cbb3559f3014e572afaea51f2e47b84e7c1b4e86c5af7b69d

    • memory/2052-0-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

    • memory/2052-111-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

    • memory/2100-61-0x00000000002B0000-0x00000000002E4000-memory.dmp

      Filesize

      208KB

    • memory/2792-73-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB