f90b6053119a3186a5784c481e88a29529867bac303b6712764e701d8e4e1c94

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0928f1d538efecd0d201f4b051c7880e.exe
Size

208KB
MD5

0928f1d538efecd0d201f4b051c7880e
SHA1

1e68110c7431febe81a3c07af170994924bc7344
SHA256

f90b6053119a3186a5784c481e88a29529867bac303b6712764e701d8e4e1c94
SHA512

24fb682e087db0d95ee39a2d45837fa774b1495b3b936589c6ace568ce2c53274cc5bec2d869aced0e858ac7c45a448ce1a81a57845ef0b0b8434668777781cd
SSDEEP

6144:9l0n6auUSQj4OP6LudmHrdQZG4cEh2GI+rkrojIUmVBTvNzXaSL:Mn6auzudmLWIniI+eoUUANrVL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2724	u.dll
1444	u.dll
2132	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
1804	cmd.exe
1804	cmd.exe
1804	cmd.exe
1804	cmd.exe
1444	u.dll
1444	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1804	2248	0928f1d538efecd0d201f4b051c7880e.exe	29
PID 2248 wrote to memory of 1804	2248	0928f1d538efecd0d201f4b051c7880e.exe	29
PID 2248 wrote to memory of 1804	2248	0928f1d538efecd0d201f4b051c7880e.exe	29
PID 2248 wrote to memory of 1804	2248	0928f1d538efecd0d201f4b051c7880e.exe	29
PID 1804 wrote to memory of 2724	1804	cmd.exe	30
PID 1804 wrote to memory of 2724	1804	cmd.exe	30
PID 1804 wrote to memory of 2724	1804	cmd.exe	30
PID 1804 wrote to memory of 2724	1804	cmd.exe	30
PID 1804 wrote to memory of 1444	1804	cmd.exe	31
PID 1804 wrote to memory of 1444	1804	cmd.exe	31
PID 1804 wrote to memory of 1444	1804	cmd.exe	31
PID 1804 wrote to memory of 1444	1804	cmd.exe	31
PID 1444 wrote to memory of 2132	1444	u.dll	32
PID 1444 wrote to memory of 2132	1444	u.dll	32
PID 1444 wrote to memory of 2132	1444	u.dll	32
PID 1444 wrote to memory of 2132	1444	u.dll	32
PID 1804 wrote to memory of 2268	1804	cmd.exe	33
PID 1804 wrote to memory of 2268	1804	cmd.exe	33
PID 1804 wrote to memory of 2268	1804	cmd.exe	33
PID 1804 wrote to memory of 2268	1804	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\0928f1d538efecd0d201f4b051c7880e.exe
"C:\Users\Admin\AppData\Local\Temp\0928f1d538efecd0d201f4b051c7880e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\149A.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0928f1d538efecd0d201f4b051c7880e.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\3092.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3092.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3093.tmp"
      4⤵
      Executes dropped EXE
      PID:2132
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\149A.tmp\vir.bat

Filesize
1KB

MD5
c9b5421c4a899df95a653463bb65bfb1

SHA1
20e269aba0e4b8b119308b757f706f289271b978

SHA256
600376650d15350333c33db7f16529db92b53460089766d497b77bc742f6c11f

SHA512
b40f1a7636e60a7d051582ed259234b32cda9bb689b2ff5acae565322988a439173c71de893b99d2604f63626fd96b94def122997265f27e3d1f3cd921d9ee62

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3093.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3093.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
358KB

MD5
fb314e340d0462b0ed0935eabbea97c4

SHA1
32c17b969a4bfea061cb545efc64c7e20309313a

SHA256
1c22b0e3c791bd313a95cabb3ef1d548357c011f8e671afbc74453a71eaa1739

SHA512
91ca372c8897564b53e0ba179f081d4ec59b0e9ae88ae116f50473bfbd61f6af341a29d2875386f192e01ef74b0ae316dc6552a6892d34446220b8a77d8783ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
440KB

MD5
8b472195643a5099782d71f6d48273e5

SHA1
c8c37f2eee45cae52bb8fb593e581e9d34db1657

SHA256
369f28567bedb3ff9529af89088c828905fa2b56ba351bc7aaf1ef6d6969f89c

SHA512
e607a7d3f3300f7df8892c2b55958f20eaa05c29add5571e8de45bb99ff55bfbda0e9a67a83f0700d68e18ae65bca8d230807a19f168c8e77bda8b560c17d9f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
85KB

MD5
e92166de195f99b3e89dda56323fe6b7

SHA1
b719f8e9a139c97a69daebeeb6965cd955bda7b8

SHA256
2de77419ef5f8c801b4c526876ca2a981c49365ff5b90780ae8a9a23bcfe08ef

SHA512
a2c56b6885bf3aeb3068303601dcda08ae4e67a4b1582fa3d978924a898ccf82eec70f4a9dbde001bcd1328232edf516df9c83f249eaa4ed94d6a9ac75c4602b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2d2ad4fd18669ee01fce04e987ea168a

SHA1
4085c1f2d907e10bae89067c2009035a93757cff

SHA256
5d82532022708f5ed84f12781d27054960cbafd7fe4ad8d57987ef7cfaa0f9fc

SHA512
86dcf83816d0a72a509881b8ba22736f45d6a4cefab9a48ae11e3efcb89d29227094870d8885bb692575c8aa01cdce72b0328de9fc4b74bac4b74a5673c2882f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
eb1940275735d754d481a4138b8d99a6

SHA1
c51e632c409017eb7ac05e7b5ccafcadef3d7772

SHA256
8d85135a606923c8f4b82086c376bd348bd461ac829eade6953842e6a713984c

SHA512
54206daf0ee3e38f8c2a24c5867c4a20eb86db099b2cf4d21b790764443d66ea47126046d8a03bdef813cead716d8ec0dc7c6d534c55708bba82e72060da5fb4

Download Submit
\Users\Admin\AppData\Local\Temp\3092.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
487KB

MD5
01613708db81dfde32d9fbd6d92da4ea

SHA1
2a0a8a630f3e01ae5b298dc213d54f465ed5dccf

SHA256
c41e61b2f6252052d71aaf80e3045997f58c16444a7859c12fac0449536334f4

SHA512
bc9f25c1c70fdbe594a5c780b980d28846c8253c5d153517b137a97d9cfe476fb2c0d447f6d645a17068be9398ef601d11df0da0ebe701ac17a94a192feca266

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
299KB

MD5
cf058077708f453bf7ed1ea0ccba5629

SHA1
816e9a8b8b122e6f81d65c80d06bbfaab03f5534

SHA256
733aa2e62df138aed502b35ca6482544f9547dfb9d61a0ab7797c18a0365ccdf

SHA512
eba2e381642a493e88a693edb4d0f882b9874bda29240527536fb56f5f9e88e0558c745428861d918d0689af2309fe556f3197fe4b598ae1d2580d46a13ba545

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
694KB

MD5
32172ff8e4c9fdf99b9ef7d2d476fba3

SHA1
7a2829dd71220909069dd268e9a63b210a810695

SHA256
fe754054d01b6fcdae186f97fa15df2de6b9e3faf54c6cc5bec3a1844c0ee611

SHA512
15184c8b2f968051fa9ef271d860967e24cd03406d5135d613fb2d35413e8c291f2765481091007795059ce2a6668b77aa18a49812ee836279b304f7b7429247

Download Submit
memory/1444-98-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/1444-95-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2132-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2132-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2248-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2248-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads