f0fda560a014654bc696c10ada4c92b66e24adbe883d638761e1181ce075cc49

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34fb32425a04d650d7a2ffac2921ace8.exe
Size

208KB
MD5

34fb32425a04d650d7a2ffac2921ace8
SHA1

9de9b7b330e18007489b292a7349ba9a1b8a3a38
SHA256

f0fda560a014654bc696c10ada4c92b66e24adbe883d638761e1181ce075cc49
SHA512

1f79df19d3121d8620d9c64a0b04339be75df54328f5df08c22cbf21ba4da21f721e13d58610a8d17cf459e66c548fe1e49f2edb6443aad94073b5731d759a16
SSDEEP

3072:4ld0RoRPsf/Vca1tznQWrxub4k6fhr3A1F183F+koThrpaNmV9qC++DjIOk:4ld0R9f5TUWrxubuTo9hrENK9jCO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2784	u.dll
2692	mpress.exe
2020	u.dll

Loads dropped DLL 6 IoCs

pid	Process
1956	cmd.exe
1956	cmd.exe
2784	u.dll
2784	u.dll
1956	cmd.exe
1956	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1956	2892	34fb32425a04d650d7a2ffac2921ace8.exe	29
PID 2892 wrote to memory of 1956	2892	34fb32425a04d650d7a2ffac2921ace8.exe	29
PID 2892 wrote to memory of 1956	2892	34fb32425a04d650d7a2ffac2921ace8.exe	29
PID 2892 wrote to memory of 1956	2892	34fb32425a04d650d7a2ffac2921ace8.exe	29
PID 1956 wrote to memory of 2784	1956	cmd.exe	30
PID 1956 wrote to memory of 2784	1956	cmd.exe	30
PID 1956 wrote to memory of 2784	1956	cmd.exe	30
PID 1956 wrote to memory of 2784	1956	cmd.exe	30
PID 2784 wrote to memory of 2692	2784	u.dll	31
PID 2784 wrote to memory of 2692	2784	u.dll	31
PID 2784 wrote to memory of 2692	2784	u.dll	31
PID 2784 wrote to memory of 2692	2784	u.dll	31
PID 1956 wrote to memory of 2020	1956	cmd.exe	32
PID 1956 wrote to memory of 2020	1956	cmd.exe	32
PID 1956 wrote to memory of 2020	1956	cmd.exe	32
PID 1956 wrote to memory of 2020	1956	cmd.exe	32
PID 1956 wrote to memory of 2836	1956	cmd.exe	33
PID 1956 wrote to memory of 2836	1956	cmd.exe	33
PID 1956 wrote to memory of 2836	1956	cmd.exe	33
PID 1956 wrote to memory of 2836	1956	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\34fb32425a04d650d7a2ffac2921ace8.exe
"C:\Users\Admin\AppData\Local\Temp\34fb32425a04d650d7a2ffac2921ace8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4CAA.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 34fb32425a04d650d7a2ffac2921ace8.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\4D26.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4D26.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4D27.tmp"
      4⤵
      Executes dropped EXE
      PID:2692
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2020
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4CAA.tmp\vir.bat

Filesize
1KB

MD5
692e1a3eb239146bdeadb45f01bd8c69

SHA1
7b8dcbf3c90033a9713769cce6b83f23306df936

SHA256
16a706dbd6749533b63ac93b635b1311b4f82a919bc47b74f84d7207578581d8

SHA512
304c449b73b90b67671df5808136ea77c399c13ac51d583892ce1b5de4e9be26c6730621d69db106adee7a6c075b89d8cd15b3b242bf2c2a5fbb73d804e88b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4D27.tmp

Filesize
41KB

MD5
cdaa909edc0362a07f985762cf1ac2f2

SHA1
b6e82a917af05fbfa13671f39859ae089cb5b4a6

SHA256
97e7601bc0df1038ac28c7f3bedc14f6c2d76b4d3aca5690a205a26370bb758e

SHA512
be4adf13acf07ef81593ca10951d847fa34121a95a09771aa44fc495d33dd9030fe619c2d9771297facec5fefb0302bbfac8706f5414612c58a992f8b3f9a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4D27.tmp

Filesize
24KB

MD5
e708a21f9d6c3e62024cf8ca0847a60c

SHA1
ac7c104f5c2715f9581272cbe4f63250e456a78d

SHA256
0c44eba4ff7f67f0d882a169cd7628e2723e8d25efeaf96d1fafc6309e9af50d

SHA512
4e9969af49b1d648bceb4b11a9a4948e9a9ee5614377b4833ed634112326cb5982be79af0b34d7375ad3c2a401df86d6052abf274cf8854f6b0a37562f567c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
192KB

MD5
f41d53d2c18047a6f671f555c695382e

SHA1
2ec570ad2ae38ccfa6bd6bc8276af3411dabf102

SHA256
557df516e26bf2e6e9eb6cd72849d7969ba6c476bca74a94d16f233595d52b05

SHA512
09c91210aba54d2ac0369368f83500b4bdf99d89fb282fc911f42c5d021dcdf441d2605651fc9bbe8e8f4ae354265ac2fb6244e53b5e0827fbff1983abc68ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
65KB

MD5
be2af27ccfda305f82c11eea8f40884f

SHA1
87ac096bfd210f414ff5c7299482a4c223aeb90c

SHA256
d9c673a3ddd97bbaad8c6001772667093cbe7eea6aae907236d731332a90a391

SHA512
2435c0ab18238ec91fc7c4cd7eaa2f13f4deb9255c8a3a82f0dd3e3a7e152fe5c12692160e4162ace558bb608a28ed25e01bb50ee28379f1d94682a07e7b42f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
bb65d8296cfc42f2f3755c7396723d65

SHA1
d34a35c7a11c02430cd0fbad00656eccc914da47

SHA256
c930be3e44c9e7a7493e675ae55ea03b61314ae087a0f1a3044207417c67d065

SHA512
29dcbc6c51b44d326a8995af08296d815599268d31286ddac47f9e54b70583bd98638bccf8d834944565995f7c923ebccdbaa74bda9cb94e2155bc8f10612ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
b23eb202d343537234f95be249f43af4

SHA1
d7d7ddb09e00482f7c6cf48afaf25b84cb92972d

SHA256
5fe426e8085cc02166f257e82a7fb853a9a027575cd052d3d9d8198becbf1a05

SHA512
571170303486a12993cf9ee975d06b5da26a07434617cab6c61e9309534883d8488564d40c37941487117148fb20d3604ddefaf99da3691f58e033a9d50eafba

Download Submit
\Users\Admin\AppData\Local\Temp\4D26.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2692-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2692-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-68-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2784-61-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2892-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2892-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads