4ec89bbe3bdf0c431bbad778287dde8c26d7a0d3f0f9c0a3614f6bb2e8bb05b4

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e7dca4d261930994d1e6b1c2baa33e5.exe
Size

208KB
MD5

2e7dca4d261930994d1e6b1c2baa33e5
SHA1

3efa594af662293cca3fb90831e2b886649ec3f2
SHA256

4ec89bbe3bdf0c431bbad778287dde8c26d7a0d3f0f9c0a3614f6bb2e8bb05b4
SHA512

10e83295310fa6a189485e01aa2f07e939881012a8383720435a3b10327b481a0ac183d59efa2974e862a8a2e60258a7bd0b88e4d4e3101983eed9818c1af542
SSDEEP

6144:8l8sG1RDa4dPWq42WwthJGZdXRRycTR22:QORO48q4Xw0bhgg22

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2788	u.dll
2796	u.dll
652	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2812	cmd.exe
2812	cmd.exe
2812	cmd.exe
2812	cmd.exe
2796	u.dll
2796	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2812	2152	2e7dca4d261930994d1e6b1c2baa33e5.exe	16
PID 2152 wrote to memory of 2812	2152	2e7dca4d261930994d1e6b1c2baa33e5.exe	16
PID 2152 wrote to memory of 2812	2152	2e7dca4d261930994d1e6b1c2baa33e5.exe	16
PID 2152 wrote to memory of 2812	2152	2e7dca4d261930994d1e6b1c2baa33e5.exe	16
PID 2812 wrote to memory of 2788	2812	cmd.exe	17
PID 2812 wrote to memory of 2788	2812	cmd.exe	17
PID 2812 wrote to memory of 2788	2812	cmd.exe	17
PID 2812 wrote to memory of 2788	2812	cmd.exe	17
PID 2812 wrote to memory of 2796	2812	cmd.exe	33
PID 2812 wrote to memory of 2796	2812	cmd.exe	33
PID 2812 wrote to memory of 2796	2812	cmd.exe	33
PID 2812 wrote to memory of 2796	2812	cmd.exe	33
PID 2796 wrote to memory of 652	2796	u.dll	32
PID 2796 wrote to memory of 652	2796	u.dll	32
PID 2796 wrote to memory of 652	2796	u.dll	32
PID 2796 wrote to memory of 652	2796	u.dll	32
PID 2812 wrote to memory of 2924	2812	cmd.exe	31
PID 2812 wrote to memory of 2924	2812	cmd.exe	31
PID 2812 wrote to memory of 2924	2812	cmd.exe	31
PID 2812 wrote to memory of 2924	2812	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\2e7dca4d261930994d1e6b1c2baa33e5.exe
"C:\Users\Admin\AppData\Local\Temp\2e7dca4d261930994d1e6b1c2baa33e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\58AB.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 2e7dca4d261930994d1e6b1c2baa33e5.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2788
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2796

C:\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe72D0.tmp"
1⤵
- Executes dropped EXE
PID:652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58AB.tmp\vir.bat

Filesize
1KB

MD5
aa37569be7f98fea70ab6aa7a6ba9c00

SHA1
8808e54fe9777a5877ac62455ca3410889c997a4

SHA256
4a231e36641dedcc00b176d0bff680e6cc665694b6950a9724ef0124d63d7e06

SHA512
d7a6ad223b27730b40d66ef17c0551b13605ddc4a37974a67682b5e71f5e858b44ae5b3a67ac0c34a6eab0706d9e083d283ef00e4310a3b1d6fe6573eff154f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe

Filesize
16KB

MD5
3060289b268cfa0ec5d53f1401d3db3f

SHA1
282e29ae4dc9fc44aa9784cdeb82b1de69e52bcc

SHA256
a16ce5a967be6c4b3af47d8a594e200ab0d3ee50aabca332381eb0634aba77bf

SHA512
689add1429f481b1ae2d51c8f1f3ac634b81d61b91cbc70d30ff097dd8e52bbadd56a2ceba4287f032eedcf3a2a78fcb7490345a4c4a0a90b4e88e000580a7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe

Filesize
60KB

MD5
69ccf23afb684d21265354eaf452f180

SHA1
5a02821af2a8fb6f4b1578dd744d607d0f2f18f4

SHA256
5851bb7c5ca5263dc1fbb8905f58b7c8748d2205445a6b77e773f15a01513984

SHA512
409da8bad354d57c9fdd0895f7a1452bb0bf442b064a27bf3f18dc7a58703d7ac1fdf40e3543e0e8c994e71e21595bbe88794ca262e00ad52ea02f687702a58c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe72D0.tmp

Filesize
19KB

MD5
0d1c1c5a92b50eebf0e1fa371260ae4c

SHA1
9c2ffc15359c5d150fd0b4c96eaf0a2c0c740656

SHA256
8749b5891a75cf7c1fd47cce4d09fb8e2c964bac1fd01e5f840a0bb9ace919bf

SHA512
71130d3b6db8d752ce62a4aacae6514ed854838615a9376a441c6925f6429c5740cf18a3a98e5cbae979c30d22f33eb15bbca0a208ac4c8fc395d1a8b282e83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe72D0.tmp

Filesize
4KB

MD5
6859db75a99869b22c45319fd1a29e37

SHA1
17764bf8173be4277538c1cce39a330608ae741e

SHA256
31cd73f9766889d7e80c4ba8d30c77079110c7dcc63eaf55841c8cfe46c30664

SHA512
7d3d70834d218c6360b3c502ca25264dbd201c155e97ecffb63fe548850533f28d6d5dd337d4d470f6a24e68c590f3e66adabfacdf1dbbc91e1a0dfe799c8da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe72D0.tmp

Filesize
29KB

MD5
5e8943cc12060b677da578362127dd2e

SHA1
c69b24bad3159a007a03b0c4b40301472b0ef24d

SHA256
0452ec94d1440d14163cdd441c97d57ce81f17f39c456823eb1748ede41c053a

SHA512
aa92314f70a9d17a90b092eca32e012985ce0ed0aa08eefea9af0a09a4f745758224aa67f1d82d11f600f589c8ce5a6ec4f35816d6b87d1a7f6517d9493167a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
75KB

MD5
bcb52db19e397183f4ec4a4da9f3570a

SHA1
20463353cb82e9a68694854c1ac5c9a4e3961954

SHA256
de89defa52805ac30c858eafafc300f631d702ff488cf5b9015fddd504854819

SHA512
d272c38a4cfec8d553722e34a2c1a98cce2fd4670718c5a2346f72fe397cee8390499d1815f6566ad2afc76c555d3ee2d9744adf1726f71400e60a124257f297

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
10KB

MD5
c4dd971dcc33483d5b3ccd4718216227

SHA1
8b285b036ac09007d4a90c53b3990ce77fa24a24

SHA256
ed44de84070e92270f2f9dc7dea46dd2b2c45713e6dff31fba75a7e89b92d531

SHA512
b68261a6c310714f9519a3447d1283c245a964987ee027a7e522429f73cebb0ab8dcc273ed6a43b77800e88d80171ffcfe07352ffaee2464c996bf87804d4c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
32KB

MD5
a2d34c2122721442a93b38ad82a79255

SHA1
280e5cb16e28811918500713ca5aeb97ae203d0c

SHA256
640b64a23aecdbe2ac717311bf9e37d6c658a33ea88a8b0e41bf1a2425b0fa9f

SHA512
68a7bf8090f315dfd3e62460c5bdbb9fe7a563707d7290b2737a69e1a5987e9206c13a4a6e55ddaebdd6692dce16b3796368834aa4d8de69438601cf6295df62

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
49KB

MD5
bc4f720ceabfd66a577492c025f48c25

SHA1
5a102f9b8c8410571b0b42afe645692de2d6f15f

SHA256
9885c023fe4dd5b69da1ccbd41c3d38013eb98b00729b3d34c706eba954b6aa9

SHA512
63e07c2575c5f782cb42af324f36a23e71da115676893faf422f4b30a62af0e16d4e77ffa25ed1d97103c6a94b170e053fc724d611eddc8de1c204256d6f6e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
b2837de82d2e3415f163a563d92d5cd1

SHA1
b7fab2bca0b9076146316b090f8bff39d25d7619

SHA256
e154111553e883213d3586b2e8950160c94900c5aa6dd446cb9f3b090fd91667

SHA512
68fdabace729518a2c0c0ef32800b2a40bd19cb125c19f475812ffa58021317f5e41eec1eadcfb89630f0cd39f1918e784b4c84395e092f3663f57735cffc4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
fc8f2d9132c858d36708761fff89ca27

SHA1
13ba8a8a72c35e8dc1123449248d5730d7d868d6

SHA256
ede7599aff6e7ab38e902f1e247e66d46cce7a40d56cf31b10e810aa1b9e5458

SHA512
d440f943bd01b2747bab2873dc2d1c2020e499428b0c69e2f05fef762071beff9437935fb82826c6e365d3b2ee12cbdf3b10705c19382e3cd6f924d251f32275

Download Submit
\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe

Filesize
12KB

MD5
71e1d0933e09b73dbc46e89682a42330

SHA1
5cf4879236d66d74a0d2555a67853d641b3f62cc

SHA256
d9bfcedb08ef27c1d27fca62764f6b38dbb18749422fe9166d503d4b534ad134

SHA512
d19909f1c26bd296ec82f26d35053857010029bc8aa8ad465e96fdc70c0278df854dcd783537e403992be4765379ba2cb40b7eadce7f071ebbd76193625c74e0

Download Submit
\Users\Admin\AppData\Local\Temp\72CF.tmp\mpress.exe

Filesize
45KB

MD5
47e8e3cfd6482dbbdcbb38e1cd3b2955

SHA1
bac977fd5c275968ec480e9f71023fd67c345ef0

SHA256
a084f37dc6d649bfed519f1f010563c67e59ec0bc3d8b39e7606ba3b6ef71e9f

SHA512
74047bad155d7c124aedd0b96a35064b7ea4441d1b5354524df98302b4ee792673c940c75eaf96b69ac9e625efba0a9a692b7d04ed969b1df8897e93d118c64a

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
50KB

MD5
10d07983e169d0a576c9f786a45db149

SHA1
3e157f4bffe9dd2ccaed0cfd542738631630358a

SHA256
1e856b03c2ad9163f3342cbd9893d89b4dc1004e0ef29e9d17de678f8dda2044

SHA512
f4cb0b9c328e67910be5645057436af1fb8cf7aa7563c53493e2f0287cf4050904ebf595025ff67003e605db30b62a8e5875bb3d42cbf1189007e6d5e1090df7

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
83KB

MD5
a6d0a7424c9520db59dd79e7bb2e1a17

SHA1
55018f89aed68af961dc306b448d0bf0b52fc009

SHA256
68222b395e36a5caad9285a29b65945bb3e9cc5c47d7e9eca54d10fc48495bf6

SHA512
edacc8544e7c9e3c9d0e17c070d9edb583340ecf3f530e008571a1990efa381f3956171e4d2fbdbe83d3885d28c6b58d0b1c0f9a1bcffd39a384007feb92d837

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
12KB

MD5
82b3d34f3833d6c523c5f1213debf88c

SHA1
ce86b55e2f60762c34ec786f45a413eb2c0c0030

SHA256
3e33b6164e0ee1e8f6eb82af1470ad4a7c20fc1be298ace0f6920cd5cf9e5068

SHA512
2774d0fb246be3c121cafe2cf74343cfc3492866d0a0020d61bee683791d88d5ac1c87df0a7017acb18ff4fb8f167b335ca6c83f79f98d8a3d11a346bb140810

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
54KB

MD5
25b01bc225e5bc2c336f593cf2f3e265

SHA1
0169058fea3cc9a6d2f4b8956137b7b3ae81f401

SHA256
e818033dd0cb5802348beb1435dcb1ebb3016536676149fec2eb22f0a04f99b8

SHA512
96d06ebd081e875fd23c313b2bac168cc1c3af34e87fa779c9b5bcd2f73de115947278af9b0a8824d8808feb65c0c0c5a983ce2a81ff26b65ac78e9a3761a2c3

Download Submit
memory/652-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/652-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2152-109-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2796-93-0x0000000000390000-0x00000000003C4000-memory.dmp

Filesize
208KB

Download
memory/2796-86-0x0000000000390000-0x00000000003C4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads