40cd5b285149ae1150e7b7fb113379674b8c2a56e59f197da7d0be4140b3176f

Analysis

max time kernel
143s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

736ea38d4b0a45b877e7f738c6111f28.exe
Size

209KB
MD5

736ea38d4b0a45b877e7f738c6111f28
SHA1

a7cee4ef796bc7104c6bec049d073f23ae3e76ac
SHA256

40cd5b285149ae1150e7b7fb113379674b8c2a56e59f197da7d0be4140b3176f
SHA512

a8c3b6bf1b8803dfbd308686f2b457a86eb1d107d2ff4db939caf0bab0972faf126b8a69b58e03f98c1c84f5c841c6f25f5d4882f9a95905fd9e0123527056d4
SSDEEP

6144:cl0n6augkIHaogUv7+9kwbyKfsYFdDICE0T9em:Xn6au6HaogUy9tnsYF5auem

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2888	u.dll
2596	mpress.exe
2508	u.dll
2564	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2740	cmd.exe
2740	cmd.exe
2888	u.dll
2888	u.dll
2740	cmd.exe
2740	cmd.exe
2508	u.dll
2508	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2740	2300	736ea38d4b0a45b877e7f738c6111f28.exe	29
PID 2300 wrote to memory of 2740	2300	736ea38d4b0a45b877e7f738c6111f28.exe	29
PID 2300 wrote to memory of 2740	2300	736ea38d4b0a45b877e7f738c6111f28.exe	29
PID 2300 wrote to memory of 2740	2300	736ea38d4b0a45b877e7f738c6111f28.exe	29
PID 2740 wrote to memory of 2888	2740	cmd.exe	30
PID 2740 wrote to memory of 2888	2740	cmd.exe	30
PID 2740 wrote to memory of 2888	2740	cmd.exe	30
PID 2740 wrote to memory of 2888	2740	cmd.exe	30
PID 2888 wrote to memory of 2596	2888	u.dll	31
PID 2888 wrote to memory of 2596	2888	u.dll	31
PID 2888 wrote to memory of 2596	2888	u.dll	31
PID 2888 wrote to memory of 2596	2888	u.dll	31
PID 2740 wrote to memory of 2508	2740	cmd.exe	34
PID 2740 wrote to memory of 2508	2740	cmd.exe	34
PID 2740 wrote to memory of 2508	2740	cmd.exe	34
PID 2740 wrote to memory of 2508	2740	cmd.exe	34
PID 2508 wrote to memory of 2564	2508	u.dll	33
PID 2508 wrote to memory of 2564	2508	u.dll	33
PID 2508 wrote to memory of 2564	2508	u.dll	33
PID 2508 wrote to memory of 2564	2508	u.dll	33
PID 2740 wrote to memory of 532	2740	cmd.exe	32
PID 2740 wrote to memory of 532	2740	cmd.exe	32
PID 2740 wrote to memory of 532	2740	cmd.exe	32
PID 2740 wrote to memory of 532	2740	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\736ea38d4b0a45b877e7f738c6111f28.exe
"C:\Users\Admin\AppData\Local\Temp\736ea38d4b0a45b877e7f738c6111f28.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\536D.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 736ea38d4b0a45b877e7f738c6111f28.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\5570.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\5570.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe5571.tmp"
      4⤵
      Executes dropped EXE
      PID:2596
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:532
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2508

C:\Users\Admin\AppData\Local\Temp\57E0.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\57E0.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe57E1.tmp"
1⤵
- Executes dropped EXE
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\536D.tmp\vir.bat

Filesize
1KB

MD5
9c61053a89c9b332b35a71f8b5a1cf17

SHA1
ea21d63f92edf5fe18b7e4a702ea2a6fc1c29bbe

SHA256
485214425ec85d2d8f0853af9251dee257e03bf65d8c77e5eb574ac762e1ae99

SHA512
52a09ffee834786abb45e04e20019c1e12cafebd982780157f21aa379750ced5b49a80e27129358f1c7398589560639be4772b3029ca9e01229aab8f004e8a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\5570.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5571.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5571.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
334KB

MD5
0d199375d1acadda9c1d4f9132770ade

SHA1
31905e58ad67523bc6d38e99218cecfd363b3a67

SHA256
b435e97304a2d9cb94f94a37825e70ba0645160fe03bd26029bde18a86170041

SHA512
2478bf24d278c970c6e5f75afe5b76c0a8997dd226bcce354cf58d63fa72f5a9ca2f7ba764b3fde5c6bc30eb9da759d36a13253243f8adb4a81302a53d5ffb15

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
3bfe4138144c828860db69cf83ae3546

SHA1
af8cec43e4e2f6d6db43a87220d655278b5719db

SHA256
1c46530ae3a4ce6ec837e40292b854247f88beba9f1d102a4443ce9a0e3c9765

SHA512
3bacd2bb95850463a219f10a0fbe10e948703a933f592bd81592de7006eb6375eabe1e0c0737fdde01dcad33df4cc492341005a0bdb1119cec329201bf62bf73

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
285KB

MD5
be6bad8447530f47ac9b2e538db68df8

SHA1
f44cb0004fd59243f53d02a582ffe84c6051e096

SHA256
35af40be7c721b6987e55f124822bd67322e971da8f750a06759be0d81e33baf

SHA512
1a0384adc87456df246a4d94b323535a5a9ae4a114c1e4eee0d3fc2ab4060e80cdc70809981cb97c991bc6bd71a765ac24013ba1506c20d53616fe9fa769c009

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
memory/2300-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2300-158-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2508-144-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2508-141-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2564-143-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2564-149-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2596-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2596-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2888-62-0x0000000000280000-0x00000000002B4000-memory.dmp

Filesize
208KB

Download
memory/2888-68-0x0000000000280000-0x00000000002B4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads