08110620f6a6027d73597eb530aa3829c71453ce3fa49c9e5947a392c34c7a90

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c57f5c2e0979862f97b6398b1f283c0.exe
Size

209KB
MD5

3c57f5c2e0979862f97b6398b1f283c0
SHA1

8c1707eb6ac76308966a53a7eaf73d02ece05834
SHA256

08110620f6a6027d73597eb530aa3829c71453ce3fa49c9e5947a392c34c7a90
SHA512

1cbf8c84cb0a5017ffc8cc724cea2c0fc81c05e86aaa4b7f8291977f5be0edefe077ad779166e764edf8d1583af7eb8ccaf8424947a45a84eb37ab25cb0469f5
SSDEEP

3072:0ligYAtiHEwwwI98oj/uIbr+cwfq+Ows9Mrn38rH7dW1Oyrc1mVnCfZle/lWeLUS:0li5xXIxj/ul8+OwuMr3W7da61mYxmU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2040	u.dll
2768	u.dll

Loads dropped DLL 4 IoCs

pid	Process
1712	cmd.exe
1712	cmd.exe
1712	cmd.exe
1712	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1712	2264	3c57f5c2e0979862f97b6398b1f283c0.exe	14
PID 2264 wrote to memory of 1712	2264	3c57f5c2e0979862f97b6398b1f283c0.exe	14
PID 2264 wrote to memory of 1712	2264	3c57f5c2e0979862f97b6398b1f283c0.exe	14
PID 2264 wrote to memory of 1712	2264	3c57f5c2e0979862f97b6398b1f283c0.exe	14
PID 1712 wrote to memory of 2040	1712	cmd.exe	15
PID 1712 wrote to memory of 2040	1712	cmd.exe	15
PID 1712 wrote to memory of 2040	1712	cmd.exe	15
PID 1712 wrote to memory of 2040	1712	cmd.exe	15
PID 1712 wrote to memory of 2768	1712	cmd.exe	31
PID 1712 wrote to memory of 2768	1712	cmd.exe	31
PID 1712 wrote to memory of 2768	1712	cmd.exe	31
PID 1712 wrote to memory of 2768	1712	cmd.exe	31
PID 1712 wrote to memory of 2548	1712	cmd.exe	32
PID 1712 wrote to memory of 2548	1712	cmd.exe	32
PID 1712 wrote to memory of 2548	1712	cmd.exe	32
PID 1712 wrote to memory of 2548	1712	cmd.exe	32

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAD3.tmp\vir.bat""
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\u.dll
  u.dll -bat vir.bat -save 3c57f5c2e0979862f97b6398b1f283c0.exe.com -include s.dll -overwrite -nodelete
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Users\Admin\AppData\Local\Temp\u.dll
  u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\SysWOW64\calc.exe
  CALC.EXE
  2⤵
  PID:2548

C:\Users\Admin\AppData\Local\Temp\3c57f5c2e0979862f97b6398b1f283c0.exe
"C:\Users\Admin\AppData\Local\Temp\3c57f5c2e0979862f97b6398b1f283c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FAD3.tmp\vir.bat

Filesize
2KB

MD5
feab7d7051f38caedb20baafed7c2128

SHA1
3d7261c819e959991efde786605bb4539efbbb70

SHA256
c314fa2fa53a97e8c07df448e8c8cb65eacf23492f2ba75c0d92a0aad1bafb3e

SHA512
f30098b950015e95d323f08aa7f413a1937705e299ff36b65fad80f5570840be72eb628b0eb0135f38d3a085a122a5fdd52d38ab7da337930409385fccf950c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
93KB

MD5
ec3db92301aa424c7a530a4d539a7f37

SHA1
ce848672ac400bb50fb7ef6dfbb0f92f3b41d65c

SHA256
6a9bad795d66771f71f44ef3200af4939ff91cbf757aece23ef677e08b63eebc

SHA512
a6cbd9adaa09737eccce6876531aa59b43b945bcf0ec2b97645f98377061eec725bb7bc678bc7ec16cbf2ba1dcac118a382c0746846cfffde0fdc349331b6b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
395KB

MD5
fd32b6cc6981b8899fdd34e1b894738a

SHA1
eef8fc4f4e2327bed86f5460ec05f6f9e9e6ac6b

SHA256
d069142d7a62a3e4f92069908e7dc2ec7ceb3b309026ff817f736a62dbab3d87

SHA512
fd44081bb58ac8e05baefde44ced017cf1e153254e9e43fc36a2a89233d24a73ce345891139b4e3d0637b069f8d3cee2f44d395d6bf3029df26b4f4aade00cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
d1c314c6216b661d1e0ec3a428e04897

SHA1
43d27889dd934973b72e8617b377e7ad5e87bd4c

SHA256
0399d19435be533e4ee25941e9f8e86309cd5343242307522eaab2dae33a604e

SHA512
1dfb733e80fc6a6d875f76f377d7e7910e889cd03c82ed4724281afd8bda3714417de2a6765680f886e8f318f3a38acff96de4720886adc60e7a55a4e469a29e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
412KB

MD5
58c18c754e1a2d50779aadbbd8fb024a

SHA1
62874737a74cce96ee74354d3cbd14faf53a7243

SHA256
ae10231709441343a08f634ffa832f9c2633da7ade5b2e9a9b3f9e1262e10037

SHA512
8591b204763d1fee38d35c964a11f882b601ab6c430ba6a2ee6f3f814334b7dc08387b425b18e377428d3c3b067977d33c2341ad3e9f672ae313488d51ac295a

Download Submit
memory/2264-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2264-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads