daedbb46dcb88c25c76c02d8d98b8a965f0ff81a846347452724f2eb84fa6e3c

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38dfcb7e123dd82deab3ce9eaaa294e1.exe
Size

209KB
MD5

38dfcb7e123dd82deab3ce9eaaa294e1
SHA1

312898a5902e4217c83e904c3f33f62d9ac9af58
SHA256

daedbb46dcb88c25c76c02d8d98b8a965f0ff81a846347452724f2eb84fa6e3c
SHA512

785fb358ae8a7cc73e2991e257abc2b1b20687c1941c11a5fc0bbede6aac6a9d2830c862b3ed81338440927ce2dae4853a211490c6988cac747acd5abd89cc52
SSDEEP

3072:7lhg7vQszmpcS1RUD3vb89r4ZEbRI753NbbUwMWUxCftfai0ukF36Q+BTJTLfzb4:7l2M1R+b89rCEbmdbbUwUq10ukBiz3I

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2824	u.dll
2700	mpress.exe
1752	u.dll

Loads dropped DLL 6 IoCs

pid	Process
1992	cmd.exe
1992	cmd.exe
2824	u.dll
2824	u.dll
1992	cmd.exe
1992	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1992	2220	38dfcb7e123dd82deab3ce9eaaa294e1.exe	29
PID 2220 wrote to memory of 1992	2220	38dfcb7e123dd82deab3ce9eaaa294e1.exe	29
PID 2220 wrote to memory of 1992	2220	38dfcb7e123dd82deab3ce9eaaa294e1.exe	29
PID 2220 wrote to memory of 1992	2220	38dfcb7e123dd82deab3ce9eaaa294e1.exe	29
PID 1992 wrote to memory of 2824	1992	cmd.exe	30
PID 1992 wrote to memory of 2824	1992	cmd.exe	30
PID 1992 wrote to memory of 2824	1992	cmd.exe	30
PID 1992 wrote to memory of 2824	1992	cmd.exe	30
PID 2824 wrote to memory of 2700	2824	u.dll	32
PID 2824 wrote to memory of 2700	2824	u.dll	32
PID 2824 wrote to memory of 2700	2824	u.dll	32
PID 2824 wrote to memory of 2700	2824	u.dll	32
PID 1992 wrote to memory of 1752	1992	cmd.exe	31
PID 1992 wrote to memory of 1752	1992	cmd.exe	31
PID 1992 wrote to memory of 1752	1992	cmd.exe	31
PID 1992 wrote to memory of 1752	1992	cmd.exe	31
PID 1992 wrote to memory of 1900	1992	cmd.exe	33
PID 1992 wrote to memory of 1900	1992	cmd.exe	33
PID 1992 wrote to memory of 1900	1992	cmd.exe	33
PID 1992 wrote to memory of 1900	1992	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\38dfcb7e123dd82deab3ce9eaaa294e1.exe
"C:\Users\Admin\AppData\Local\Temp\38dfcb7e123dd82deab3ce9eaaa294e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3D6E.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 38dfcb7e123dd82deab3ce9eaaa294e1.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\3F42.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3F42.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3F43.tmp"
      4⤵
      Executes dropped EXE
      PID:2700
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1752
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3D6E.tmp\vir.bat

Filesize
2KB

MD5
541b26527eb1e3c873f942b8a3893dbc

SHA1
daa2fc4a50ee6e3b949624db77a9d9c229ccfccf

SHA256
ec63a135e7aeabeb3351688c4fafc425f6d18d9d5af21dd0266b3db457c26bfc

SHA512
56446f03853ba59e713e4b465ee49a89975ce420b041e71e3e86cc8e5827e57eece8b398c0b6589df77deb72e609b2a863f5b3eac7a515eed19326d0ca558a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3F42.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F43.tmp

Filesize
41KB

MD5
27d3171f8fbf513154d6e5b3001ed440

SHA1
2d110288c903d12c83168dcd1c2f72007d011885

SHA256
b33fa59131d327610feefc08274f13d96a755c41f914fd0d5a3b6c8ae3ad39b1

SHA512
e62784259796d637bcfd6e55b68df1baaf8ca1894ec70adc359d6833dd60af27b2ab700d81e6aec3a5163669d96c612ea9250165bb5c630fcf18e68d8749d87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F43.tmp

Filesize
24KB

MD5
9882873d2dc36538299ba953c381625a

SHA1
239d82e6d77f3e8c491760e8336d4d597e0c2709

SHA256
65dc1fee069123b4f851cfe6ec54dbc4e1195b8e8de4064099d526daf5dd2646

SHA512
d93314b182be7c9b2828762213d5ae122cfc21ab91591d1013b43ee4aeaaa36b9e8989229cded20c3e820634ecbd4293c9ee292b178675d2864983cda2bf27ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4145.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
c78a6e0f503954664134b7249af443b6

SHA1
ca16eaddf2ae5c41eaeb3992a7b03e0c2f8c27ad

SHA256
f81b31a8bee1f8e85a9e9e2a3ce1cd4c966eb3bfe8a5d69b1e2262b8c5a4740e

SHA512
b432aab1ad6414840b4487458fe50b7c9eddc9f1f26b491b08aa2acef74d7326362e93994303e29e4e54c5d994c775349296e9d48b4bb3a9611b14d00497540a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
5c7c9d4e3c908d6f4eb40612721183b5

SHA1
441d3628ea15b83583493310aa1d180e5729250d

SHA256
f12d3713c0b7a05c213d66c46a0c8650886a003529a4fcb46617cbc13b336c11

SHA512
8fb9bd41c830bec6d09d156a15ebdceef4b9341fbb49e48dacf1223eccff6eda8dddd373e25e944a654b708484bd93985e2bce94e9aaaa642570961eec12473d

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
382KB

MD5
3981395ac550547f964f87a3f15e2158

SHA1
7538d14a77bbb4cdfadff74385f849199392bf74

SHA256
8ef383ea0d049c6972c81e1ecdde8d719d5d0cdda995fa1ab70a3ee32c4acb73

SHA512
700649f2d7180ce60457de5537544254c40fba9b8871312cf0f25743fcce46714b21c3cc079e80afbc342edd743e33e91b4e28e412315bcdfc8436170e37f1f7

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
384KB

MD5
24dfc4c9e007f2583b956d3ad07de800

SHA1
0b55c60ceb419e2fca38ec401fd143fed0cc58ee

SHA256
96696051cd5f06b05353731d5524b3d828259fffe0d9237407776efef7e6ac54

SHA512
282767a6486d42ffed096909fef64086d55ad28bb35cee37da5bc2e573d608342e5bd85eed6c8c330c84df02a1aaf4aea95df870d506d1e0cc35e551d80b39a0

Download Submit
memory/2220-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2220-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2700-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2700-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2824-67-0x0000000000650000-0x0000000000684000-memory.dmp

Filesize
208KB

Download
memory/2824-69-0x0000000000650000-0x0000000000684000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads