55624cfedd0b30008dd3fd95e69eaf4edc4cf1870c5031a0c7aff8cf971f07cc

Analysis

max time kernel
146s
max time network
35s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37b277aecf566b4de689160b1bcc3e2f.exe
Size

209KB
MD5

37b277aecf566b4de689160b1bcc3e2f
SHA1

067e5aec1ddfb45a0309163f5f3220238d307ad1
SHA256

55624cfedd0b30008dd3fd95e69eaf4edc4cf1870c5031a0c7aff8cf971f07cc
SHA512

fed1a316dce7e55ff5646dd32573283a14ea4e6abfe48279810dab0c63a7a7f85b791236138ed070d1b367034c4ae602a324c3088a13967cf5facab4d42e7630
SSDEEP

3072:gligYAhDzik2u+jeSLvWtpAl6IB4BkFBzra/xKw2kuupFx3qv/XoIGVoriX6JxJ9:gli51kWqovWtSPBMkwggMoIkoriX6J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2864	u.dll
2588	mpress.exe
2820	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2732	cmd.exe
2732	cmd.exe
2864	u.dll
2864	u.dll
2732	cmd.exe
2732	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2732	2672	37b277aecf566b4de689160b1bcc3e2f.exe	29
PID 2672 wrote to memory of 2732	2672	37b277aecf566b4de689160b1bcc3e2f.exe	29
PID 2672 wrote to memory of 2732	2672	37b277aecf566b4de689160b1bcc3e2f.exe	29
PID 2672 wrote to memory of 2732	2672	37b277aecf566b4de689160b1bcc3e2f.exe	29
PID 2732 wrote to memory of 2864	2732	cmd.exe	30
PID 2732 wrote to memory of 2864	2732	cmd.exe	30
PID 2732 wrote to memory of 2864	2732	cmd.exe	30
PID 2732 wrote to memory of 2864	2732	cmd.exe	30
PID 2864 wrote to memory of 2588	2864	u.dll	31
PID 2864 wrote to memory of 2588	2864	u.dll	31
PID 2864 wrote to memory of 2588	2864	u.dll	31
PID 2864 wrote to memory of 2588	2864	u.dll	31
PID 2732 wrote to memory of 2820	2732	cmd.exe	32
PID 2732 wrote to memory of 2820	2732	cmd.exe	32
PID 2732 wrote to memory of 2820	2732	cmd.exe	32
PID 2732 wrote to memory of 2820	2732	cmd.exe	32
PID 2732 wrote to memory of 1700	2732	cmd.exe	33
PID 2732 wrote to memory of 1700	2732	cmd.exe	33
PID 2732 wrote to memory of 1700	2732	cmd.exe	33
PID 2732 wrote to memory of 1700	2732	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\37b277aecf566b4de689160b1bcc3e2f.exe
"C:\Users\Admin\AppData\Local\Temp\37b277aecf566b4de689160b1bcc3e2f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\C745.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 37b277aecf566b4de689160b1bcc3e2f.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeCA04.tmp"
      4⤵
      Executes dropped EXE
      PID:2588
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2820
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\C745.tmp\vir.bat

Filesize
2KB

MD5
b68178b9579f822050593a8da062aca8

SHA1
80e7d4119900db4047f99feffd43286f9e9c4c93

SHA256
66c6d42387cc36db84bcf42563d1ceca66130d92dfbe5d748ee3ef4e0c318f21

SHA512
39c0da83ac27a0d2c1183a762315f5fde5eaaddc3a666c5c16af34abbf51cad16f678114ec0ff34a0ed4282c2698ded4424d036667ea578182bad6a37ba420b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe

Filesize
6KB

MD5
7563874fe0dee64475792858d90fff48

SHA1
ab2312b114289268e647ff9e0660810eec2e745e

SHA256
5ff7fe9a50fe3b224d23160ed245f7ba58eb171c58d15183d194a46c84f3c990

SHA512
58fbfefe7184368c25bab27f81f1dd407486510639fa9ca9446b2e89845aad58321e93ef343f87c6c04bbbe511569003615ff8ab2d194057bf27bd19272b9e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe

Filesize
25KB

MD5
55295129b07e286b811ef8235ff27469

SHA1
b01a2b1893087beb58ca2c504c279284908daf57

SHA256
8277ad58106a92a5b788678e433e6337682ff845966253052bd3a2156787bde8

SHA512
b5bff8ad7d50cc993bbbfbacb1b12a9e598798f6478be591f218905643e29d7bce2a418de8fb7240a9a76048ac72c99be735d85d913f2379ac93f78bfb9fe681

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeCA04.tmp

Filesize
41KB

MD5
f6e37b5b08d4514d8347cb5ed4e670f2

SHA1
0c42b901ed5f2e9e76822ccdab3299b714a89cf0

SHA256
41ac25ee169e9baeccb3d8ccaa3be68b912286125520e56d0ed9854608966a02

SHA512
03cb6ed9236b0e5b679ba92f4e5ca07a1874717af3dcb7f24237c7431bdacfebcfecd46df500083f40f626f5ddef4b18c12feb5338924522dfd9f32751b6f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeCA04.tmp

Filesize
2KB

MD5
1032666bf232e400a3fe7db46cbed849

SHA1
0715a4a5f1bab57c93b4fbcbbcb3e2c8f6de1e19

SHA256
2d445a4500917a54692f23a197b48441df9ef873b31a1793740e6a7498b4c5f4

SHA512
37fbf65981f091810d6df62db1303ba29c3f9bbe4a5bcd402b76ac64fb8a019b8dfa8d4b282f82b46970641cd625ebd731965e88865146406b65bad116733468

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeCA04.tmp

Filesize
24KB

MD5
2ee399a17c0ea32edccfc8f85c5656dd

SHA1
5b8d2aa9fc07724ec5dc516f6bb394b8413562f9

SHA256
a28469395940fbbd313b48ab4f6bac264019b957fa4410b0ec02188e7e1991e8

SHA512
bafc48a3cc6140f3c67b43392506b4ff64d8ed90e4946975648bd43a11906aa133654c930f76c10065ee48b4405e76262b3861eea93f81aac42246f7ff4d377d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
84b76845654285a13592c9e42b2f8b8a

SHA1
af1373a5c315f3fc3fb18d88ad4c28f6938de640

SHA256
635da8f03b922a520ffb1ad9c4e8c460822cec92bc02c14da4d2455ba0300242

SHA512
a0c1e791d4f571b27f34f37529ac0391557f08edf6feaa9866117924a6e2c0a5eae0c9f88f79f570321676b6fa630933f301324f08915ad13825ce76d7aef33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
176KB

MD5
869999cdc3845658ff03372e8b0124d4

SHA1
ab02eced9d3f9d96fc2a9abe84142a980a848d0e

SHA256
8a753e032ca8ad65361fa4abe70cf79285e33f530cbae36f5b6d821871b4c33b

SHA512
1e098827fcc70186719afebe173fe969459a6a705af77c8fa39bbc5c26caaa2dd303337a526b2dc0ae2ee3d3fb87cd352d72fb3b2e1a48bebce775dd1473d996

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
226KB

MD5
c1d2ffbdec22132917202b5ec6c4af90

SHA1
ce74314ad0ef22f6887bc0d48764d5a67f376066

SHA256
35789fb275f9ac434f7ebc57282304af31bfccc9adf9a8cfbd05b15602599e8a

SHA512
4c21145894049af3823c5cd04c447e0d52bfc6aa55d837e9aebee4b38770c2887f2dc60fa9bd36cee7b6b6dafbc83c0efd6fb24cd9081eb9f76bbc9998f0ce8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
387KB

MD5
bc10aabf36e9d426213b1be37386c7b3

SHA1
63d95b145d3a633ec81c918255226c724160d16c

SHA256
6087ca39d725bdaf7231b9dcc558faf98b7191685f380e6f74907eea18733686

SHA512
66848ffdae5168f07a031d6535b801a78ace61befc34160e2e3ac4c7d862abf5bd58099082f9aa3fdbfa9d270ef19b3e49651d71e8dd89c2bfeb641dc60fd719

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
9f4ea5db26f526ceb5c77e45d1871fc9

SHA1
e64feb2c362d1159c2a0fb59f6b418aa09e9f3ef

SHA256
8c6f5959438113dc3f5b622fc07c91c1d4ecbe252b924cb1d1bda5aa84a249bc

SHA512
98fede1d9af7de5001cde8647186798dbf299611871cfe349ef7e0a442afacddd65db66b24bcb767916aa1d21d440823ce859d6a5a5b3b1ac44f99f985567f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
37520b07dcd4b86b9f30236a8afa984b

SHA1
e43ac2c8b6b9a55806e64a6ab04e670367df9aba

SHA256
2ad4e47b05132a8e22c65a65e4cd7da925f20aaec1005e1653988b390f0448ef

SHA512
d378700fd5dc7fb409ad995444f28c4263df64a6f4c78ddac3f4084894821416c9d9e960a26c6088b06df1db64142f73d88944dbb4a3522bd30f68b0c93e0152

Download Submit
\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe

Filesize
39KB

MD5
8e0583299d3ee8b749329e4562401ff1

SHA1
8ed0ad0fa005aad4abf75a61f16ff74c73b20924

SHA256
30b336de32cc84d04fb7f55751c30254154c9dbf1ee61d42af2221749721c125

SHA512
0f08ed8aef57324ff195f279ca8062a9a469896632fa5e729d537fb2ac41f706d7e47fa9ef9ede8ebcef84f8f132dc74bb447913f74cdad6d699426cec01031d

Download Submit
\Users\Admin\AppData\Local\Temp\C9B5.tmp\mpress.exe

Filesize
14KB

MD5
7f876ec81fc6f5761340fe303a3e5849

SHA1
098d5bcd32fe9b9cdc8d90c6a92a892136a571e5

SHA256
5678d8251740893cbfbef2d0796de5cc136f9f825088e016474bacd47a22e375

SHA512
9d33afb0250aeeb5b15a07658cb7998117819d3779010bb18c11e93f4daac825be545e79e6a4e575b19f3e7b63cbf8436a833ac17303c0955b59eb1c14fdfb4e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
164KB

MD5
0bb5993a10910061551db9e6d41fca86

SHA1
300f38c0cc33cd3aaa3966fd6fdc02b21c596e07

SHA256
5732b5a9e984db041f974baca4514c0649f07fbb5ecd1e50551313975e6a81af

SHA512
b50eb620117890e80928737bd634a8fb08db5afe99ed153f87bedb76ee14c5ea06aa0a474a661e8a67d2aeecc6ea846271a5a2b45924e6bc952a3db08ae7e866

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
167KB

MD5
0c03e32968b5e45a55cabfc9279e0a7d

SHA1
8cc2cf69d12212592e9132b0777765aec6023ce2

SHA256
cfb8371ef0c42ab8982c83952684491dc2bb675e7e1dadc22302a3de3e32a2f6

SHA512
4aa38f16b291d6b489070d3be84c67718cbb5bbd20109dd86155147b900311b81a68e924831ce1bbd251197dec7cb58b8f600ca7fe4143d721dd884ee2324eb2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
273KB

MD5
2ed3ff30232e990b0c8496a0166bdc88

SHA1
6936c7f116b800e286ff81eeebd03c6aebed996c

SHA256
d0b3ba7ac4da1977cdc41a8dd6424ee90ef88211e8077de8c3131661eacbe2ac

SHA512
d8bf69071c8237dc4acf0570397162c8d68cdb5f64272e83224007205a98ad164b3221ea620cbae2164de2fd857fbd84df31794286d908b8ab2f2cebf6ee16e0

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
210KB

MD5
6eb96e085d249d096d7775136cf849a9

SHA1
90075a8b6ad2a9cdd43128aa5011023aa4678239

SHA256
e88dd1f9099514090029a93428d9c2fde844008846598d36a322d8ab0778c71a

SHA512
c33a4eff00d7b066e5893a46b4e5e32ef290ebdd872a5bf89a1a1339ebc6cd5bc10656e288c734ec4facd26d3df6ad98dd182de8d6e1f328e06f4e1077658ea2

Download Submit
memory/2588-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2588-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2672-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2672-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2864-67-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2864-71-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads