3ceab021db750c4c70fc9a7aef3662887295fd5043919b0663ae19c2de2b4861

Analysis

max time kernel
162s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a068645f37f55557fa93f39c9ec8647.exe
Size

208KB
MD5

6a068645f37f55557fa93f39c9ec8647
SHA1

fdbe4f3e284a90b7ca9f8257e171df8b7a74a751
SHA256

3ceab021db750c4c70fc9a7aef3662887295fd5043919b0663ae19c2de2b4861
SHA512

47d2a02251c52871692e5255b6d0dbc503887ef9c2122819f8efe6cab16f21a753ef75949c5de2b924d00bcd87dd36a70a0bbd715d5a57a0676c46201b9117d0
SSDEEP

6144:/lH4WCNpicRdPIGz/INz8Zh0MYe1kaF2aNdQ5Dq:dYpixGz/INzyhn1kaMgoe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1708	u.dll
2016	mpress.exe
2900	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2756	cmd.exe
2756	cmd.exe
1708	u.dll
1708	u.dll
2756	cmd.exe
2756	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2756	2840	6a068645f37f55557fa93f39c9ec8647.exe	28
PID 2840 wrote to memory of 2756	2840	6a068645f37f55557fa93f39c9ec8647.exe	28
PID 2840 wrote to memory of 2756	2840	6a068645f37f55557fa93f39c9ec8647.exe	28
PID 2840 wrote to memory of 2756	2840	6a068645f37f55557fa93f39c9ec8647.exe	28
PID 2756 wrote to memory of 1708	2756	cmd.exe	29
PID 2756 wrote to memory of 1708	2756	cmd.exe	29
PID 2756 wrote to memory of 1708	2756	cmd.exe	29
PID 2756 wrote to memory of 1708	2756	cmd.exe	29
PID 1708 wrote to memory of 2016	1708	u.dll	33
PID 1708 wrote to memory of 2016	1708	u.dll	33
PID 1708 wrote to memory of 2016	1708	u.dll	33
PID 1708 wrote to memory of 2016	1708	u.dll	33
PID 2756 wrote to memory of 2900	2756	cmd.exe	32
PID 2756 wrote to memory of 2900	2756	cmd.exe	32
PID 2756 wrote to memory of 2900	2756	cmd.exe	32
PID 2756 wrote to memory of 2900	2756	cmd.exe	32
PID 2756 wrote to memory of 1204	2756	cmd.exe	34
PID 2756 wrote to memory of 1204	2756	cmd.exe	34
PID 2756 wrote to memory of 1204	2756	cmd.exe	34
PID 2756 wrote to memory of 1204	2756	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\6a068645f37f55557fa93f39c9ec8647.exe
"C:\Users\Admin\AppData\Local\Temp\6a068645f37f55557fa93f39c9ec8647.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\D8A3.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 6a068645f37f55557fa93f39c9ec8647.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\D920.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\D920.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeD921.tmp"
      4⤵
      Executes dropped EXE
      PID:2016
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2900
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D8A3.tmp\vir.bat

Filesize
1KB

MD5
e555eb522b6ffb5816026a73eaa8d26a

SHA1
48b9ac13d7f1e30233632cd3d4f3f208b00e7dbb

SHA256
a29688bb3baebefadb5a9fb12c410a0fa1a4a00b0369e41e6764625bf32654f4

SHA512
b24bf6a575b747fdcd4a8d8fd4335f6187d5615c718001ed731bc1377d1544a53ffa0c7d549c8a476a6429018cfee141a7d484e63ba37c101235976662846a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeD921.tmp

Filesize
41KB

MD5
5a16fb75977e1799ed52f35a164922e6

SHA1
c1697c61c42498f0501a886392ddd2560646b24c

SHA256
f625375b30e87216e720919833d9d4e7bc11f0b61a9d2d218817d2ebb140d7de

SHA512
1e31f17c0fea7df5bd321ff0015b8226a378b649c43df1111d9467b0f86f3a14e5a7ae9ed00314695f688b7cc0c18e44b3fa6521a8fea5943e4eb9a69a612216

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeD921.tmp

Filesize
24KB

MD5
e6463306e4c9e1869c45c0433ea1eb4b

SHA1
33512256446775a16d9ec37c2ffbf1c181bbcea6

SHA256
c06e36b469862896e2c897a6c5d62904001de12be848452d77aedc560c2630aa

SHA512
a1fb58a92a6a57b166092cae0898937d652ea1f0f555f4829094d5efb7cd4763890ce76e35923ebbef6b3981b5565e0feae2484543f38ef999d6f22fc67bb589

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
347KB

MD5
c7eaa6897dda0c29f920db662f654db6

SHA1
e415f62f511e2b117896028694b883737e6143f3

SHA256
0531018736453129f271ca2140327d8e673c89a363c8c1bc7288d59b9a7947f3

SHA512
f91c328c087ca77b7dd24b78eaeda4cf18b3a3dbfe38dbe8468ea9de1a8d6204affc8550beaae3407aa911baf3583b91a51f7ba844e3e37abef79d4b9fcb3628

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
520KB

MD5
340ff067226a724e66927d346a9a0d6d

SHA1
8b5e67c6ce239e71f8ab11f81e96eb586fe6ca67

SHA256
2e16294803e76ef71617e090faa71f98638d08d99d2be9c1c3fb0fdaa6576350

SHA512
f61c1e247147de346db82dd3f8618a1a2fddaee15c3ef50c3b7d0d7ade95118dc42f5dc6fee1544193d71affde80a911679276555146a9de70a333c5a3891c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
435KB

MD5
756d59971a94249afee81ae67ce78d75

SHA1
bbc515f500611f5f959a78f71ed5258c11114a5a

SHA256
80a8903d709cd70849e3b2d0ab4a120de103959e9f97f8d4e4dcd91a818c2d5c

SHA512
040d894ea0688d94f99ba24e7ca21b3bc6a717efe50c259505e652efc34c3f02a0ab4a3d74b822af454dca66d4d06bd5169f5b32a9fad8887988517933d69c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
6b23d3639ed421d958497412002cf2f8

SHA1
16462c9413167468395e762f5a59ac8ae8e7801a

SHA256
bbad2af274f358216171f83a20c1ecf8967446ee0762e1ff674f2cd1ec170bdb

SHA512
46b5bc522f24fab4ed1a6a0aa1aead2688d9144a98e16b91f0f5beed753b9fcc4c07162cd6689d2f6fa0cb272ce52443ecba42d4d6149d656a1c1be71dee0d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
6002892a68469b3ef64c7517ba7ea30b

SHA1
634fbccbd77ac9139c58eea6d83712e88ae9327d

SHA256
1863e060b69d6613de232fb25aa0b18f8888326429f49ee197ed21c5d98f08ce

SHA512
b3dbf3581a4a2d37383b7175e61755c78d761cbd73a463b44b359aca76a7537de085f5e26dcea7ae1ec02a7f940d5bc1708dfe23ccfc90ebfa175bbfcfcdf3c8

Download Submit
\Users\Admin\AppData\Local\Temp\D920.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
375KB

MD5
5bca0954fa24f5e0d2ccde0eb3f4b62d

SHA1
465e4193a2754bf37ce9116d220ae5b37f5eea99

SHA256
9a3039e5cfe431e3d889747c708a19ae0aacb0d4ab0a1bf6052b4dbb275c6693

SHA512
869d76b97b958afd1b578e5de728d9b18e05c0057f59953aeba8a1da298cfe5229d39caba1411b00dbd9dee16fe113f91d1586e5149f264e258d42bc425dc68e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
520KB

MD5
164fa61d575b896e2874aab51bab2427

SHA1
b36eb874803671f4f8deaff8b3456b991e5522b1

SHA256
95b66656dbeab275d27d9f503536b5de68b6e9e48398a2e846b0aab03691a526

SHA512
a72df9bbfee09bad73a6c69d903e37d4e5bfcbf168720870d7103875ff0f0ed103d6016ff6842c5b6e913bf45d690ed430aee6b589e861c2addbaf97e89eb7c6

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
523KB

MD5
4d3fd5fac241c5cb49c66cfbce550318

SHA1
da9eb5220180491384b32d859f21eb7a47f61d28

SHA256
b335caf12457ace7362f7c9bcfbb8b8cb7662e642f5f17d6c86516cb023574fd

SHA512
469a5a47c027c2a662b962679d411cd2d16f56bdf283fb102c7fa5d462feebb54c545e7b55e1816c4a9781d3680b0ab32bc484fdcd2c252d9281229e8f28ae63

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
328KB

MD5
17acbe4da782b11a2da127ed26e99c06

SHA1
847be6fc85c43351e38aed370b7ed95c1bf9fe1c

SHA256
623d9a0a52d1bddd1fb044b415cbfbf22c284f546d937a16c49af73f4643f9ae

SHA512
8613c4c2124bec23c9f16945bbffb2a213ee1bdf24cc62a7c65212dfc646fc3861b76bd1f8b03de74c00865588f2d602c4521530553b588233ddbd10180e79d1

Download Submit
memory/1708-68-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download
memory/1708-69-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download
memory/2016-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2016-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2840-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2840-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads