51a2a7cd3b67e62bb47545f746ea8b31fccbbeba453ed727ff8c6ba4b9608506

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a340e02387459453d889f2e8bfbc96c.exe
Size

212KB
MD5

2a340e02387459453d889f2e8bfbc96c
SHA1

3d911c9f07b35f7aa9c782e148984740f29b7e6f
SHA256

51a2a7cd3b67e62bb47545f746ea8b31fccbbeba453ed727ff8c6ba4b9608506
SHA512

d799d907d0b4791858465fc24c98550364f017a6b3c5ded71b273c4a5ceab5f3cfdae9456a667e40e6fbaeb78afcfb79f75f021907d7fef96d91c4c53cc64fd8
SSDEEP

6144:slpTBr0JxRt2djT6dRyK+KdYhjnShGkRc:wFOx0jmDd6jShGkR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3052	u.dll
2188	mpress.exe
2348	u.dll
2724	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
3008	cmd.exe
3008	cmd.exe
3052	u.dll
3052	u.dll
3008	cmd.exe
3008	cmd.exe
2348	u.dll
2348	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 3008	936	2a340e02387459453d889f2e8bfbc96c.exe	29
PID 936 wrote to memory of 3008	936	2a340e02387459453d889f2e8bfbc96c.exe	29
PID 936 wrote to memory of 3008	936	2a340e02387459453d889f2e8bfbc96c.exe	29
PID 936 wrote to memory of 3008	936	2a340e02387459453d889f2e8bfbc96c.exe	29
PID 3008 wrote to memory of 3052	3008	cmd.exe	30
PID 3008 wrote to memory of 3052	3008	cmd.exe	30
PID 3008 wrote to memory of 3052	3008	cmd.exe	30
PID 3008 wrote to memory of 3052	3008	cmd.exe	30
PID 3052 wrote to memory of 2188	3052	u.dll	31
PID 3052 wrote to memory of 2188	3052	u.dll	31
PID 3052 wrote to memory of 2188	3052	u.dll	31
PID 3052 wrote to memory of 2188	3052	u.dll	31
PID 3008 wrote to memory of 2348	3008	cmd.exe	32
PID 3008 wrote to memory of 2348	3008	cmd.exe	32
PID 3008 wrote to memory of 2348	3008	cmd.exe	32
PID 3008 wrote to memory of 2348	3008	cmd.exe	32
PID 2348 wrote to memory of 2724	2348	u.dll	33
PID 2348 wrote to memory of 2724	2348	u.dll	33
PID 2348 wrote to memory of 2724	2348	u.dll	33
PID 2348 wrote to memory of 2724	2348	u.dll	33
PID 3008 wrote to memory of 2020	3008	cmd.exe	34
PID 3008 wrote to memory of 2020	3008	cmd.exe	34
PID 3008 wrote to memory of 2020	3008	cmd.exe	34
PID 3008 wrote to memory of 2020	3008	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\2a340e02387459453d889f2e8bfbc96c.exe
"C:\Users\Admin\AppData\Local\Temp\2a340e02387459453d889f2e8bfbc96c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\8F93.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 2a340e02387459453d889f2e8bfbc96c.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\91A5.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\91A5.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe91B6.tmp"
      4⤵
      Executes dropped EXE
      PID:2188
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\951E.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\951E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe952F.tmp"
      4⤵
      Executes dropped EXE
      PID:2724
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8F93.tmp\vir.bat

Filesize
763B

MD5
9487760f28c48bc5dc4713912d67d97a

SHA1
71f48e61664f4c0624f7904197e5909643ff682c

SHA256
2b0fb81763a09ba485f1c9858fb6d3928a4767089c48f6905f6e0108a8c7a4e4

SHA512
54ba2dcb3fc85e83d4a7bc7c77afc1721565e614e94a39d4c8f6fa9173517cffbbd1614ae3595f7015b32a7d08fef39a2614fbfe9930e5e1397a701ea5d6e983

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe91B6.tmp

Filesize
41KB

MD5
81700f10a09dd9cf35f7f9a656962ccd

SHA1
3a41b40fa37c2d12d4396850a44c2b715524daac

SHA256
6da1c3cdaa0e6f4e6ca85773b8ae7569fc0dfd7dd4dcf0ed4cab5b79e4c3da1b

SHA512
a6b88658c264e848b386efdfa144d63cd55514c44ccfe497cf495b98c93f2e44d6852e59f8d2e3763abe56db140820a46ee0050de238a34b064564b3f5b9c73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe91B6.tmp

Filesize
24KB

MD5
adb0a7c1c9a8e9d874da3eb2aa7a19a5

SHA1
9b18273a5e39131e361e3b6fb3f4573a2d244e11

SHA256
623dce686afb6e14a73619242d1e5979bd7fd97d4d296ef11290218aacb2c231

SHA512
7d77df49b95a7fd7514b153fdf8bb2cc13cc46fccff4d2ec7d53f2f6bad2744bb443ed7e6eb0b2cb6aac6a49fa503e7f3c4726214a56919b0912a62e8ca6fde9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe952F.tmp

Filesize
41KB

MD5
92fd3829b084c641bd63f33e4ece6124

SHA1
d61a9eee023d7d99b8698bdeeabe926c78ef46df

SHA256
6ed918b17f4de0944cb2b93abe89f3d787ab4812055a327f455b38ac5685edaa

SHA512
f5212597f4104bb60c916c88fd56a60f68b0357b3ed30c216045c3cfabaa63a3b8e02960e52fc7b3e96a84b5320693a895ee8257ad0e99a1c194a331b15066ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe952F.tmp

Filesize
41KB

MD5
5185754d880aaf295847d5517075ef01

SHA1
d4411da5c2d066f948ad298a7c2f74f15777238c

SHA256
6d0327062266295e97d3a9a7408ac09f906d416546934a9f247571d9a544dad2

SHA512
9dfcb9dfec260c98a57d5389709da59f39f15630bc31e54fa7b36f126455284b4566658084456f77aa9c6eaa921dfd456d2ab059498b3900f4bd1213080b2180

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe952F.tmp

Filesize
25KB

MD5
520109b249039314b290e4adb001002c

SHA1
eee45f0bc719772748690438305946f2ce0da1be

SHA256
648030f2226a407edf1f0a2ef33cbaff3ca1842666f1331f20437110b0cb21d1

SHA512
35ad384a2475c5a3110b9995cbcfec3490b0e273fd8d4c9b465ff7c51af9cae417f1365a62cb83622d13fe510476d39dec5652ac7f406f240e010c1fb34825f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
7b1c37fcd3b5b90fe4dadcd3c44f48b2

SHA1
b708c6d7522ea926c238d88acc7a460458b91225

SHA256
338b4ed66bc3472d15c3021c9d4f0ce8afb1d19fe864cdb32e4a8deb4070ad5f

SHA512
850e9dc09a719631426410826aa55a4461e9a2166d70c214a738b5f704249cfa9e6ed1c510e49ebf0b1d17884f5f49a567c9f7d478893baa2c8934e492cf6dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
777B

MD5
8fa359f94b7d2c57ab070e28bcb18889

SHA1
bb5d739493231dbd2273de6a609a067537eccd3f

SHA256
ab502a3c856e7f39a1306cd5c6dd54a153b8a99fba7f537d63ce1d6d3927588a

SHA512
c07a1978cec19da872ea77e8f01dcb03e21f9d4812a54bdce706590b87f7187af9a7a4f04b9accd4f403f6ebe7ddad4d1286e2823b8d33a668e09b72ca1a138b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
801B

MD5
5662acc6dfdea457daefedca1d40b076

SHA1
7f2c0fc05a88cb94d335dab8146d4e4e8d02373d

SHA256
826c2c64111afc5cba4059739a9885c7be617adb826b1c43c483df9c7a7b48c4

SHA512
214d549cea1c13bf3575ce94e1fe9f360508a5f6b1fcbe03c793b960201d8248617a4662c651998b7f0b78887d40aadb09070f3e92f3f8393fcb3eb872877600

Download Submit
\Users\Admin\AppData\Local\Temp\91A5.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/936-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/936-158-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2188-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2188-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2348-139-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2724-142-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2724-147-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3052-63-0x0000000000290000-0x00000000002C4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads