8a46b2ed00082ff612029a3e57c58c3403d74d417dd8351d93eb16c8fb2e436b

Analysis

max time kernel
228s
max time network
45s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

723b77b0268c4f9f619e86da1af0821b.exe
Size

208KB
MD5

723b77b0268c4f9f619e86da1af0821b
SHA1

ea95bdbd55254ca58a1030797b92e90b4007d760
SHA256

8a46b2ed00082ff612029a3e57c58c3403d74d417dd8351d93eb16c8fb2e436b
SHA512

732d2fe05f5f0b20efc2e1e2394f7e76a85fa555e6701e0decc5aef6b43cf8200f85163ea1ff903fa5cc4cb9fbaa7b4eca12cc09f46f789316113e12cf358a1c
SSDEEP

6144:dlGRgXm15iZsw3LpUNejT/0qTMZN9CIt8k3tE/:uv168oo5Zj5t8kdE/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1912	u.dll
2496	mpress.exe
2032	u.dll

Loads dropped DLL 6 IoCs

pid	Process
1680	cmd.exe
1680	cmd.exe
1912	u.dll
1912	u.dll
1680	cmd.exe
1680	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 1680	2580	723b77b0268c4f9f619e86da1af0821b.exe	28
PID 2580 wrote to memory of 1680	2580	723b77b0268c4f9f619e86da1af0821b.exe	28
PID 2580 wrote to memory of 1680	2580	723b77b0268c4f9f619e86da1af0821b.exe	28
PID 2580 wrote to memory of 1680	2580	723b77b0268c4f9f619e86da1af0821b.exe	28
PID 1680 wrote to memory of 1912	1680	cmd.exe	29
PID 1680 wrote to memory of 1912	1680	cmd.exe	29
PID 1680 wrote to memory of 1912	1680	cmd.exe	29
PID 1680 wrote to memory of 1912	1680	cmd.exe	29
PID 1912 wrote to memory of 2496	1912	u.dll	30
PID 1912 wrote to memory of 2496	1912	u.dll	30
PID 1912 wrote to memory of 2496	1912	u.dll	30
PID 1912 wrote to memory of 2496	1912	u.dll	30
PID 1680 wrote to memory of 2032	1680	cmd.exe	31
PID 1680 wrote to memory of 2032	1680	cmd.exe	31
PID 1680 wrote to memory of 2032	1680	cmd.exe	31
PID 1680 wrote to memory of 2032	1680	cmd.exe	31
PID 1680 wrote to memory of 2244	1680	cmd.exe	32
PID 1680 wrote to memory of 2244	1680	cmd.exe	32
PID 1680 wrote to memory of 2244	1680	cmd.exe	32
PID 1680 wrote to memory of 2244	1680	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\723b77b0268c4f9f619e86da1af0821b.exe
"C:\Users\Admin\AppData\Local\Temp\723b77b0268c4f9f619e86da1af0821b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4431.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 723b77b0268c4f9f619e86da1af0821b.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\91C4.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\91C4.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe91C5.tmp"
      4⤵
      Executes dropped EXE
      PID:2496
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2032
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4431.tmp\vir.bat

Filesize
1KB

MD5
7fcbb4360f51e168258152f74bc4fcd3

SHA1
52fbedba38cacd2f969b7bd150b3d9a0f7ccab2f

SHA256
44c06687d00b251ae0f3e845dd28bbf9aed58cff0bf2ef8f0e5a90d392e1ab57

SHA512
b29d74d8f361e2e2c649be8afe1e90e9ecd81cbc9234993e6fba9d3ae61933cc6c56ccdde44e48d3be37506d07c73344784979b29acf93274257bb771d3c215a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe91C5.tmp

Filesize
41KB

MD5
a7f04b8905a2395eaa6df44dbb3274b3

SHA1
4e2a80a551b000e4e23aea3537cd8de0b8d10d72

SHA256
4a0e27b65ea38ca2f5d2ed4d575f908133c7734972bebc05945fa7b0c57d4ce4

SHA512
254b52bb3641dac6c86f19a83ba6406b43cf03701fbad2ed47e0f2d29f6e61e3611c2bfae1a28dafc49f5ee39081c9601bbf4b780cae841fadf987a51257b715

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe91C5.tmp

Filesize
41KB

MD5
b9ca96349e92a29bba2cf10c7513542a

SHA1
72d683219c461789fc01c3785617e59f996ce067

SHA256
e40f92501468ba2af7c26d2324ad971400280d3b201ab69b9624b4813c1a26f1

SHA512
a3aad3ad5e767b981e6d2439f2af07bfe22805c868f0772b3162b906560265145cfc8087a92f13beb9dadd3c95feec71dc2b92e05e40e1c7f17a0e63374bf371

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe91C5.tmp

Filesize
24KB

MD5
3504f9f8cd81f0e9fd8f1871a3524693

SHA1
8ec8e51b5aa9cd659d0fb7de6193cbccc351a318

SHA256
723563fb9d8f15376d64d45d5e8c1e1828ff9f075e086bc70103363f99797bfe

SHA512
606712183de0d9ece1247f5fc3678b1d5ff43f3f2d1a116a12ac39e4582b12a414ca37fe51144e5d3a3ebade502c3f34eff3d846f20a2ce52ef6b696363ef790

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe93A9.tmp

Filesize
41KB

MD5
4d1c4e637e66e3aee050194ee149b1ae

SHA1
542aab9bf825e8cbb8afc946b8fe555ea402a413

SHA256
ba3591ba0a42bd2556af093af3beb685383b239570a459d00ad9ff0747851e25

SHA512
801010a3a79285d26a7ecd84928b7e24de7adab6ad67d2d2ebc81a5639a6b9ea9f0f5cb087e1dfbda5a9cfa031bc2f1798f18d688a7cfc600cb9cde670862011

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e52e1dacca253a95205caebdf9ba61be

SHA1
89b934078b0ebb6045bcc17eee3395fc3af688ca

SHA256
bc6123009aa8bb34968892ccdd73ef4470aea0651056a9c81e10c60185b81621

SHA512
98cc05f9a24eb88d6c3be905c7870db5bc4d2b36c7a62abde8b2a4e3f2066bd715173c5b17d7066b8db049d6adba0a0b7a2214d3eb54a89ce5e1e97f6afcd4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
411KB

MD5
8308375dfa26632519651024448761dc

SHA1
82dfb1f694b366823ecdf6ba404df896a89e9862

SHA256
5a42b4e7f2f524c0c220795e4ee08846050da5de6b8596448447c6bdc5cc139a

SHA512
13f6e4c2d7a70340d9a96477780ba30ab6f1a6a09e077f8f3e11e1fb112ff20bf61acdd604149cfa52c78d1e01d14da0ca20b5c928078e15813aeb33d3e8a0f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
312KB

MD5
5b77e3ab9cc6debbf6ad8828d508f894

SHA1
59101a1c96e8953d56353f22b08ce609ac858bef

SHA256
8c962fd6431d70f5f59f6e1c0aa3d4ea0a5c7ccb525c197cb25d1135d69f42f7

SHA512
771775baaba6c60d9da04a162b677a5c0879e467abf4b10c69a8e4278f9f4c5e950fc2d0f636396b298f9e87922715f94f2245285cefa639a60daced79ec25f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
25KB

MD5
2b0ef38445cc493b6c46147af0c407c6

SHA1
374e2fbfe8eb3df619ac729acd57a7a09a4c9114

SHA256
62edaea027bf06c2be23bdc003314edaf29168bba87cb58bb146dff153289d05

SHA512
d4772ea24e27ae73245cc2dd1fb32bc99e0c8cf921e79caf0490c3c85f8ef83e29bca286f94e4481df3221b29e4c3a43078fdb800e5a0313ce5531a547e559bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
ddc4dd783b6bd14753ca2d6f8ca2729b

SHA1
708d530e1b90bf8e648bdf34da4bf78e25fefeb8

SHA256
849b1cf27f5413ae10b77aeef40c10dd69f3b783be19846c9e91eb58538846e2

SHA512
4a9bfe06371b5ed226a102821b8994bbcafd1e6e2440148d4ad62b1eba79b009ee370e4c1f33b248b496d037e9fabb16aa839d52348201cd56001aa5ab3a33e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
353c06b5b0a4bbabecfa3d7b7c3fc6fe

SHA1
9993bc2c4293888a9580ef931f69467a69d45f08

SHA256
92695949096e00c4237341f8c0e7baba90bea1f87e04065fdb424a372ffa3c6e

SHA512
d57e60baed2932580d8d26b8172d6189359228e415dc36c483b47aefaa3d3b7d059867713cd5e673e93965722e63103092489b1519f2081b73025d921f1a0f44

Download Submit
\Users\Admin\AppData\Local\Temp\91C4.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
405KB

MD5
b456ccba1576ac51ed7690d9077922ac

SHA1
6f18d1b7b2ca56ad32b40adcc954b28118162644

SHA256
15c5f07e31919c48f0002ceb9cde61d45f0f847c1ec8fbc6124c009a2e240376

SHA512
c7c36c14d60c27f6df9ee5d062b8c8f6ac3e532e728ffd5ef4d0cf66c876a2ef4a727d39d744b872033e0609ffad17b861e70932d12dcaee7b32c66907eeeaa3

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
49KB

MD5
3f84088b42620bfed040dd911b0f540b

SHA1
7549f804a43715c7ba8ec844384ef883caa72a34

SHA256
e3394d93510fef6b2911a404993393878ef54fe11a4b1c4d3dfbda24dde6ddbd

SHA512
cbfe51e4c3f93dbd1c0143bef0654d3694c6dd951dccf3749f4a4a492e1c5006ca7a882df644fd6bd998cfc2b1ab1f05b2e720381100c2fe1be39bdadc624969

Download Submit
memory/1912-70-0x0000000000610000-0x0000000000644000-memory.dmp

Filesize
208KB

Download
memory/1912-68-0x0000000000610000-0x0000000000644000-memory.dmp

Filesize
208KB

Download
memory/2496-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2496-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2580-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2580-67-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2580-10-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads