ee97a1d6b12ceb4d29746bd3306cfb4c7d4e68101a77d92579a2b6bc0b3cb945

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2877add6bc794f3cef19cb4d9a9257ad.exe
Size

209KB
MD5

2877add6bc794f3cef19cb4d9a9257ad
SHA1

1d64d2b6370fe4fddf0fa502168cad7557813a34
SHA256

ee97a1d6b12ceb4d29746bd3306cfb4c7d4e68101a77d92579a2b6bc0b3cb945
SHA512

7e127c7e76c4e16031ee1465e8817fb34cbccf083c08bf9e1aeaf724b32d2b2efaeeaa17a4f729f5f8741f84624d932f1261e3d13556804f16c79714011466e6
SSDEEP

6144:Fl0n6auRWbi9aVyvNyBspW2A6WNnE46L:En6auoQwyvNyuE2QdER

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2164	u.dll
2976	mpress.exe
2668	u.dll

Loads dropped DLL 6 IoCs

pid	Process
3036	cmd.exe
3036	cmd.exe
2164	u.dll
2164	u.dll
3036	cmd.exe
3036	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3036	2904	2877add6bc794f3cef19cb4d9a9257ad.exe	19
PID 2904 wrote to memory of 3036	2904	2877add6bc794f3cef19cb4d9a9257ad.exe	19
PID 2904 wrote to memory of 3036	2904	2877add6bc794f3cef19cb4d9a9257ad.exe	19
PID 2904 wrote to memory of 3036	2904	2877add6bc794f3cef19cb4d9a9257ad.exe	19
PID 3036 wrote to memory of 2164	3036	cmd.exe	18
PID 3036 wrote to memory of 2164	3036	cmd.exe	18
PID 3036 wrote to memory of 2164	3036	cmd.exe	18
PID 3036 wrote to memory of 2164	3036	cmd.exe	18
PID 2164 wrote to memory of 2976	2164	u.dll	17
PID 2164 wrote to memory of 2976	2164	u.dll	17
PID 2164 wrote to memory of 2976	2164	u.dll	17
PID 2164 wrote to memory of 2976	2164	u.dll	17
PID 3036 wrote to memory of 2668	3036	cmd.exe	16
PID 3036 wrote to memory of 2668	3036	cmd.exe	16
PID 3036 wrote to memory of 2668	3036	cmd.exe	16
PID 3036 wrote to memory of 2668	3036	cmd.exe	16
PID 3036 wrote to memory of 2928	3036	cmd.exe	33
PID 3036 wrote to memory of 2928	3036	cmd.exe	33
PID 3036 wrote to memory of 2928	3036	cmd.exe	33
PID 3036 wrote to memory of 2928	3036	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\2877add6bc794f3cef19cb4d9a9257ad.exe
"C:\Users\Admin\AppData\Local\Temp\2877add6bc794f3cef19cb4d9a9257ad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\A9B.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2928

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2668

C:\Users\Admin\AppData\Local\Temp\ACA.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\ACA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeACB.tmp"
1⤵
- Executes dropped EXE
PID:2976

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 2877add6bc794f3cef19cb4d9a9257ad.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A9B.tmp\vir.bat

Filesize
1KB

MD5
dd29526dc200dc2ba2d23fbe04335379

SHA1
0572ab16ecaf5bc5d500153eadf9d83464b32f9f

SHA256
b7edc701b9bade87cc2ff6b05bb20e034aa03cef88f5e1e5671735e676ba758a

SHA512
17b1d94b4520e8f12d5c6d015cde69a4239eb2de8a3b396a0ff8c02429c2410427118fd83f4768372effa759547dbc741cebed7ec824058b505ba46fafc93cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
381KB

MD5
6a44fb5c0f9ddb755e483f86e5a717d0

SHA1
2d12472cba6bb76c016d98e1015e36e317e3a730

SHA256
878d149eb8d275219a0e45096b664460e74bbde6deaae65d3e8d917cbdb6f790

SHA512
3787b404ddd92cbc1ddbf07431d443809df3ec3a32803fd3c30aa62890611b3a5ed8df4803cb175dd2acb30ecdea6dc3149ee7cd2c0ae70400ca8730fd4f1787

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
93KB

MD5
ec3db92301aa424c7a530a4d539a7f37

SHA1
ce848672ac400bb50fb7ef6dfbb0f92f3b41d65c

SHA256
6a9bad795d66771f71f44ef3200af4939ff91cbf757aece23ef677e08b63eebc

SHA512
a6cbd9adaa09737eccce6876531aa59b43b945bcf0ec2b97645f98377061eec725bb7bc678bc7ec16cbf2ba1dcac118a382c0746846cfffde0fdc349331b6b91

Download Submit
memory/2164-68-0x0000000001E20000-0x0000000001E54000-memory.dmp

Filesize
208KB

Download
memory/2164-67-0x0000000001E20000-0x0000000001E54000-memory.dmp

Filesize
208KB

Download
memory/2904-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2904-108-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2976-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2976-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads