3f87dde2812acc0ce379fc70eee6d254ad80fb12e0c6c28a4b8d17a89e0ffd62

General

Target

58fb66afa9a0bbebbe3830656a46cc9a.exe
Size

208KB
MD5

58fb66afa9a0bbebbe3830656a46cc9a
SHA1

25315e930b2855a11252607d95d9b6149913aaad
SHA256

3f87dde2812acc0ce379fc70eee6d254ad80fb12e0c6c28a4b8d17a89e0ffd62
SHA512

7d4ebbbc59d48cd65f9427abf435d697a985e46e51f03c227b8cfcb089b16a9be56ec155f40e9f3eebc1a7bce8826d519246ea1d9b8f4bd6b9b5b37250769294
SSDEEP

6144:dlkX0XlopJ8jNUqLPMEFVOq9tEiFzD8lvGuqVR+:cX0Xej8jJLPMSd9tEQzolOV+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2800	u.dll
1252	mpress.exe
280	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2700	cmd.exe
2700	cmd.exe
2800	u.dll
2800	u.dll
2700	cmd.exe
2700	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2700	1220	58fb66afa9a0bbebbe3830656a46cc9a.exe	29
PID 1220 wrote to memory of 2700	1220	58fb66afa9a0bbebbe3830656a46cc9a.exe	29
PID 1220 wrote to memory of 2700	1220	58fb66afa9a0bbebbe3830656a46cc9a.exe	29
PID 1220 wrote to memory of 2700	1220	58fb66afa9a0bbebbe3830656a46cc9a.exe	29
PID 2700 wrote to memory of 2800	2700	cmd.exe	30
PID 2700 wrote to memory of 2800	2700	cmd.exe	30
PID 2700 wrote to memory of 2800	2700	cmd.exe	30
PID 2700 wrote to memory of 2800	2700	cmd.exe	30
PID 2800 wrote to memory of 1252	2800	u.dll	31
PID 2800 wrote to memory of 1252	2800	u.dll	31
PID 2800 wrote to memory of 1252	2800	u.dll	31
PID 2800 wrote to memory of 1252	2800	u.dll	31
PID 2700 wrote to memory of 280	2700	cmd.exe	32
PID 2700 wrote to memory of 280	2700	cmd.exe	32
PID 2700 wrote to memory of 280	2700	cmd.exe	32
PID 2700 wrote to memory of 280	2700	cmd.exe	32
PID 2700 wrote to memory of 1788	2700	cmd.exe	33
PID 2700 wrote to memory of 1788	2700	cmd.exe	33
PID 2700 wrote to memory of 1788	2700	cmd.exe	33
PID 2700 wrote to memory of 1788	2700	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\58fb66afa9a0bbebbe3830656a46cc9a.exe
"C:\Users\Admin\AppData\Local\Temp\58fb66afa9a0bbebbe3830656a46cc9a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\6114.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 58fb66afa9a0bbebbe3830656a46cc9a.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\62E8.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\62E8.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe62E9.tmp"
      4⤵
      Executes dropped EXE
      PID:1252
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:280
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6114.tmp\vir.bat

Filesize
1KB

MD5
761d75a8d8c2ad34fcad8ee0126f6f5c

SHA1
120ca624aa4aee56ac6331927e79765fc5480782

SHA256
a08e92efbe65720ff881ae3a96d84947645c0d9f274c522e1df8dea24a24b600

SHA512
24c31e221125324af2f5ab7a957623d087b02f410d7f854491970380c351a0052026274393c4d08f163455d3c13879104e31796eb2c38dbc1fa4e475e4a7c7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe62E9.tmp

Filesize
41KB

MD5
863c72510f3c30b4e2cd208090af8b92

SHA1
3c5a6732c904ba8c3004e257d5008beb5311b7af

SHA256
87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

SHA512
d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe62E9.tmp

Filesize
24KB

MD5
f680e9ae05faa8f515979455a15d34a8

SHA1
474bcbb3309059e5950ec06a370d42e290eefda8

SHA256
def67e83cf64e184ac206e4c7445ecf4151932bd2d05adb0623c014d94565093

SHA512
b9b403b2890005628fb1a1a90a5fb96d164bfe7605f180063000161fe7a2b8065589ba9934cb07233a84d169987c14b541deef3e7f896929e70a5724233eb413

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e4127ceb5db948172fd241be25b36358

SHA1
5a01fa3772c6d27630d50c73fadac9508780c51a

SHA256
f3e8cd29180b07115d0d33a3ecf0c542da05680aee99971aa7e9bd2423597f70

SHA512
13dd5db60d2faeaee632b62a3c92b323215931250ed8a1513a0af9b92c335dbf4b6c458e266bc08431eccff36256203dc81488e6f83185bdee737eed1a82883d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
9448a159e6acb8d542b7c902163a5f40

SHA1
795b45120eed8c54fdc57e7bfdae12eb8e17f618

SHA256
817b63b19e7a3bf859e3cc835204e1551c92b090076417be4eb5672265470971

SHA512
34cb2f7fbad4f2fbdff6e7334b7f364bfa2e8149eba94e8746f68c1ddd1d3b786bfc8a773395f791639524d8981de34a2a85dec235654f9beee89af0b735a7be

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2ddabf428f5af0dc7533f96038c6882e

SHA1
36dde4739c70d3e3ef2f98d666380974e3307960

SHA256
cc9723132f6fe83612ecd942bc6970a1cde5f4ffb1f4cf8648b5c5dc519c15c4

SHA512
efab008a0393dac540bb838c16c819a903e940e0565432fa471c3b57086340cbc59ce67a7e4c2979dcd331bde22ac7241f93fbe4f3bc9a2f1b81c3c70b84db7f

Download Submit
\Users\Admin\AppData\Local\Temp\62E8.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1220-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1220-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1252-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-63-0x0000000001E70000-0x0000000001EA4000-memory.dmp

Filesize
208KB

Download
memory/2800-68-0x0000000001E70000-0x0000000001EA4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads