bc790d625820e5dc84ffc42f7c634ea635f544b855599fd94920d1eaf4e677e6

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:37

Target

2631b9a0e662e017e2488b7aec2bd7c9.exe
Size

209KB
MD5

2631b9a0e662e017e2488b7aec2bd7c9
SHA1

3dd3566ced59c93ada9d835cb29375852fa0a400
SHA256

bc790d625820e5dc84ffc42f7c634ea635f544b855599fd94920d1eaf4e677e6
SHA512

080130d1d691310b40f7a9da8891e70e68a5372cbacb888dc4cd0972bb8d12dffb137d72e4d74ad9bbf7e8ad481c2e1f3103d684abc0da0dc6869311c85b8115
SSDEEP

6144:6li5vOmAze306/TiiHzXc0egPUz3lE1UbKH:5Zuy/TiyXxegIU

Score

7^/10

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 868	2216	2631b9a0e662e017e2488b7aec2bd7c9.exe	15
PID 2216 wrote to memory of 868	2216	2631b9a0e662e017e2488b7aec2bd7c9.exe	15
PID 2216 wrote to memory of 868	2216	2631b9a0e662e017e2488b7aec2bd7c9.exe	15
PID 2216 wrote to memory of 868	2216	2631b9a0e662e017e2488b7aec2bd7c9.exe	15
PID 868 wrote to memory of 820	868	cmd.exe	14
PID 868 wrote to memory of 820	868	cmd.exe	14
PID 868 wrote to memory of 820	868	cmd.exe	14
PID 868 wrote to memory of 820	868	cmd.exe	14
PID 868 wrote to memory of 2568	868	cmd.exe	33
PID 868 wrote to memory of 2568	868	cmd.exe	33
PID 868 wrote to memory of 2568	868	cmd.exe	33
PID 868 wrote to memory of 2568	868	cmd.exe	33
PID 2568 wrote to memory of 2424	2568	u.dll	32
PID 2568 wrote to memory of 2424	2568	u.dll	32
PID 2568 wrote to memory of 2424	2568	u.dll	32
PID 2568 wrote to memory of 2424	2568	u.dll	32
PID 868 wrote to memory of 2804	868	cmd.exe	31
PID 868 wrote to memory of 2804	868	cmd.exe	31
PID 868 wrote to memory of 2804	868	cmd.exe	31
PID 868 wrote to memory of 2804	868	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 2631b9a0e662e017e2488b7aec2bd7c9.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:820

C:\Users\Admin\AppData\Local\Temp\2631b9a0e662e017e2488b7aec2bd7c9.exe
"C:\Users\Admin\AppData\Local\Temp\2631b9a0e662e017e2488b7aec2bd7c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\2A2C.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\2A2C.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe2A2D.tmp"
1⤵
- Executes dropped EXE
PID:2424

C:\Users\Admin\AppData\Local\Temp\E24.tmp\vir.bat

Filesize
2KB

MD5
f4e056560d3169270325f69da494f7b8

SHA1
0f3b66401cdb1b935bcfc80927490ae896ab6f7c

SHA256
e0a987bb0d8abb1d45263aa813df6ed3e1a411647d9872093fc1cf869c24c275

SHA512
62691de57efb468ca22aad3dbd03aa6106cd0b038509d395e248916544d221f0b0f312ccb175f7748c0336f4a5cc1ec2d1635e306d01121e7b70ddddbaf320f3

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
3ead3d1666a7ba5496ca7f0bdba490e6

SHA1
1c2707e1ed0b80eceb9e222e7c12e922e1ad1a13

SHA256
9c86a7b9cbd93a18253b5101b8a4272f9396e752177b5a49520384df06f18f5d

SHA512
147d684c5f73aa2aadc05c01c9aa31e887242edf53b97f151024ddf84384b2517dc6bd9a7bb52d9c607f47583b7b4868e809ad042e7f8e951e6a331004c62335

Download Submit
memory/2216-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2216-109-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2424-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2424-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2568-94-0x0000000000550000-0x0000000000584000-memory.dmp

Filesize
208KB

Download
memory/2568-91-0x0000000000550000-0x0000000000584000-memory.dmp

Filesize
208KB

Download