7a28638f9c7f527fb47c763ef1db3d81beddf29a5cd93ff77b2e6a5fdf0ac0ae

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:26 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14692a0407821da0b5e3fb9fcfdb0bd3.exe
Size

209KB
MD5

14692a0407821da0b5e3fb9fcfdb0bd3
SHA1

7eee502d14a3f8a1b8a63ff6445d0196725da6a6
SHA256

7a28638f9c7f527fb47c763ef1db3d81beddf29a5cd93ff77b2e6a5fdf0ac0ae
SHA512

6cb6bd5b7b7b7117e71a8866265ffab558671824bed5cc872cb013672daa7aa1ea9493dd0e1b774251dd633c991c97a5915aea22c95ec589b2ed2383b2965d13
SSDEEP

6144:8lsSFhz3fpYZTmV1Jb3YdquGhWXsO/P3gZjjhMSiwduCjn/fm8:bUhbpBd3gqUXsuWCx4/f

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2740	u.dll
2612	mpress.exe
1900	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2816	cmd.exe
2816	cmd.exe
2740	u.dll
2740	u.dll
2816	cmd.exe
2816	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2816	2184	14692a0407821da0b5e3fb9fcfdb0bd3.exe	29
PID 2184 wrote to memory of 2816	2184	14692a0407821da0b5e3fb9fcfdb0bd3.exe	29
PID 2184 wrote to memory of 2816	2184	14692a0407821da0b5e3fb9fcfdb0bd3.exe	29
PID 2184 wrote to memory of 2816	2184	14692a0407821da0b5e3fb9fcfdb0bd3.exe	29
PID 2816 wrote to memory of 2740	2816	cmd.exe	30
PID 2816 wrote to memory of 2740	2816	cmd.exe	30
PID 2816 wrote to memory of 2740	2816	cmd.exe	30
PID 2816 wrote to memory of 2740	2816	cmd.exe	30
PID 2740 wrote to memory of 2612	2740	u.dll	31
PID 2740 wrote to memory of 2612	2740	u.dll	31
PID 2740 wrote to memory of 2612	2740	u.dll	31
PID 2740 wrote to memory of 2612	2740	u.dll	31
PID 2816 wrote to memory of 1900	2816	cmd.exe	32
PID 2816 wrote to memory of 1900	2816	cmd.exe	32
PID 2816 wrote to memory of 1900	2816	cmd.exe	32
PID 2816 wrote to memory of 1900	2816	cmd.exe	32
PID 2816 wrote to memory of 3012	2816	cmd.exe	33
PID 2816 wrote to memory of 3012	2816	cmd.exe	33
PID 2816 wrote to memory of 3012	2816	cmd.exe	33
PID 2816 wrote to memory of 3012	2816	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\14692a0407821da0b5e3fb9fcfdb0bd3.exe
"C:\Users\Admin\AppData\Local\Temp\14692a0407821da0b5e3fb9fcfdb0bd3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7224.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 14692a0407821da0b5e3fb9fcfdb0bd3.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\7407.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7407.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe7408.tmp"
      4⤵
      Executes dropped EXE
      PID:2612
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1900
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7224.tmp\vir.bat

Filesize
1KB

MD5
c38988289f96edf1c560611377d7a99d

SHA1
a3a5ed7f46c97327392854be4109322f6b9e50d8

SHA256
7d8a589aa280d38483983a745fe7df51ed0c8bacb9309079d4209489fc5708f7

SHA512
b40c1e14c76d2e6d06afc354d3394a3b68ec8ee626be0d4c64ff5857b1459128e43bac77d19937413be3bf96cca7ae9cc6b5b981d1c21bc26773672d2bc206e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7408.tmp

Filesize
41KB

MD5
ebcc0f877b80fa4157b2f780c6863c50

SHA1
e9bc8f799887a43ef7445bf39124075a2baf1b3c

SHA256
9053aa322aa1443a79c4ef7b1447f92d05c9d3c023902ef4de3abaaccdc6df01

SHA512
7d000c34f9de9c41cef651f3e681f97b147a251de69ecbc3743e437f97ce10cc33d1f3d5fc45c10d1b75bac3de5b86ff8ae50bb629fafb34bbf0a4c5593aa945

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7408.tmp

Filesize
741KB

MD5
d019122cf6b255b3fa00163eba1f9023

SHA1
6d9ff19a46e0c20fc3972a39a25b19236de307c4

SHA256
743f6c6ce86c199b39d3ff0b484c66ebc9b9b69c970580de1d6ff07111337aac

SHA512
1167a8b5f90e9cf49bb52710eb1dc78bcae32091d2c6b60a88ae9bdf2bc045df1707f119f5fb6fd799f0a914f747412744129753c4578d351040fc2f68e71b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7408.tmp

Filesize
207KB

MD5
4ef5df4279d3bcb33a5710823e845c40

SHA1
aeab1e44c9735cee7c2356dc8284348710b75b1d

SHA256
8ec64c8bc9770a47b0c5ded390907cb5589188bfe012a81e4d573092bb158369

SHA512
dc0010d4e483350e16b497b0064749aa8e7e51e8c4886c2033e6f40af6dd9115691e12f35c335e8365c61696ff8a2bb683b8064332f4457ea69a51bc425802a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe77DF.tmp

Filesize
41KB

MD5
bac68e690b1c14dba6029b68bf6485e0

SHA1
911ac3beb4e166a4fd3e263787175b257a8a2125

SHA256
45422da2885226ab32d568f8155b68c173675a7a5ca058f1e75feddc5229348d

SHA512
6ab4ded492eb5c594ba5a0da0eb0f6f812b459de500b9111264276e6eadaefd58e470abb2bebd4c044b689dddd08a919a947417f53d246e4547befc859f5d34a

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
77ba6153827a203577b5d79c941e801c

SHA1
6deb4bdee67f4fb1a01ffa702e7941220c00f5a0

SHA256
7df73edded92f9b3f8e0639a4acaac72fdee2358eb0325e5cd66b23b44ce9bf7

SHA512
65d6b016a9109dc3358f7952fef0eb520a79a3084cb6da4f30558ebfeaf127f046408366452b178f43fd75d5a077118301326899f0207ed38b96310273824ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
400cea674fe8ebbab38e3890f88d0fb2

SHA1
636c3619c9edb07cb572ac67d8fe7b30314b2248

SHA256
537fc477a596d90faaacfb91435e7764ee38b91e68faaee298770bbb8aa84c4a

SHA512
3ee5e1abb239d0624cecb2fe0321b488adc1019dccc5d5d63345558f15ee2dac5533765fcc2271f612aade6adf2af8ddbc190f2418cd9f7e5dd5242b627f74ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
fb20c9a232876ae6676f4e60eba4f1e9

SHA1
7bef9cca9dff7cf3f28702acc22fd215b288bbfd

SHA256
e440b0a9997480e26d53a91ad3ded3aa1f8e3359f04e583dfe30a69ad497aa83

SHA512
49de1796caae45cabf07f942c85b6f724869a4e5c3d9bed259a9ac6465a190d1995eaf066e93e9cd9eb6115db0e705f6605661894bfd805a0df779271f83ad70

Download Submit
\Users\Admin\AppData\Local\Temp\7407.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2184-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2184-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2612-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2612-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2740-68-0x0000000000660000-0x0000000000694000-memory.dmp

Filesize
208KB

Download
memory/2740-66-0x0000000000660000-0x0000000000694000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.