410c45d448e3bef62a84a7a1e31be0332a3a73428f0044ee5499f3bd67bee308

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

770d93b9a8b3642423ac96a2078ad007.exe
Size

209KB
MD5

770d93b9a8b3642423ac96a2078ad007
SHA1

da3441676034a2ab1368aa8a5f41d283390f3a90
SHA256

410c45d448e3bef62a84a7a1e31be0332a3a73428f0044ee5499f3bd67bee308
SHA512

7f1cfe78c675144355eb29eb9956974eeb0e94c35ff788b6fa12c7972c9db909117c4276b7205b2484d2252c9d478288b04d35dbe9112a7d4c41345625c19da1
SSDEEP

6144:8l2khf5fme5il+2Sy9Ue0ep4mEFoOYBN40D:hk55fme5uJG4pB/7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2404	u.dll
2100	mpress.exe
1768	u.dll
1976	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2892	cmd.exe
2892	cmd.exe
2404	u.dll
2404	u.dll
2892	cmd.exe
2892	cmd.exe
1768	u.dll
1768	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2892	2356	770d93b9a8b3642423ac96a2078ad007.exe	29
PID 2356 wrote to memory of 2892	2356	770d93b9a8b3642423ac96a2078ad007.exe	29
PID 2356 wrote to memory of 2892	2356	770d93b9a8b3642423ac96a2078ad007.exe	29
PID 2356 wrote to memory of 2892	2356	770d93b9a8b3642423ac96a2078ad007.exe	29
PID 2892 wrote to memory of 2404	2892	cmd.exe	30
PID 2892 wrote to memory of 2404	2892	cmd.exe	30
PID 2892 wrote to memory of 2404	2892	cmd.exe	30
PID 2892 wrote to memory of 2404	2892	cmd.exe	30
PID 2404 wrote to memory of 2100	2404	u.dll	34
PID 2404 wrote to memory of 2100	2404	u.dll	34
PID 2404 wrote to memory of 2100	2404	u.dll	34
PID 2404 wrote to memory of 2100	2404	u.dll	34
PID 2892 wrote to memory of 1768	2892	cmd.exe	33
PID 2892 wrote to memory of 1768	2892	cmd.exe	33
PID 2892 wrote to memory of 1768	2892	cmd.exe	33
PID 2892 wrote to memory of 1768	2892	cmd.exe	33
PID 1768 wrote to memory of 1976	1768	u.dll	32
PID 1768 wrote to memory of 1976	1768	u.dll	32
PID 1768 wrote to memory of 1976	1768	u.dll	32
PID 1768 wrote to memory of 1976	1768	u.dll	32
PID 2892 wrote to memory of 792	2892	cmd.exe	31
PID 2892 wrote to memory of 792	2892	cmd.exe	31
PID 2892 wrote to memory of 792	2892	cmd.exe	31
PID 2892 wrote to memory of 792	2892	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\770d93b9a8b3642423ac96a2078ad007.exe
"C:\Users\Admin\AppData\Local\Temp\770d93b9a8b3642423ac96a2078ad007.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1381.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 770d93b9a8b3642423ac96a2078ad007.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\140D.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\140D.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe140E.tmp"
      4⤵
      Executes dropped EXE
      PID:2100
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:792
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1768

C:\Users\Admin\AppData\Local\Temp\14E8.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\14E8.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe14E9.tmp"
1⤵
- Executes dropped EXE
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1381.tmp\vir.bat

Filesize
2KB

MD5
04ab2f3f70483cf1a8c7bb25054cffe0

SHA1
57731722ebdc80f8785e163d9f731aee449e465a

SHA256
a1674724a5eaaabda5a7023619120c40628c46ce5bc67797effb433fc9aee4bf

SHA512
990bf20759a13c4fb70fb37a43e5ff21794a90c31a09a41f865f574249370c100b13ef96691a22b39d2746368bde4319c122cf364ca322e9c1fdbfdedc757b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\140D.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe140E.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe140E.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe14E9.tmp

Filesize
41KB

MD5
27d3171f8fbf513154d6e5b3001ed440

SHA1
2d110288c903d12c83168dcd1c2f72007d011885

SHA256
b33fa59131d327610feefc08274f13d96a755c41f914fd0d5a3b6c8ae3ad39b1

SHA512
e62784259796d637bcfd6e55b68df1baaf8ca1894ec70adc359d6833dd60af27b2ab700d81e6aec3a5163669d96c612ea9250165bb5c630fcf18e68d8749d87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe14E9.tmp

Filesize
24KB

MD5
9882873d2dc36538299ba953c381625a

SHA1
239d82e6d77f3e8c491760e8336d4d597e0c2709

SHA256
65dc1fee069123b4f851cfe6ec54dbc4e1195b8e8de4064099d526daf5dd2646

SHA512
d93314b182be7c9b2828762213d5ae122cfc21ab91591d1013b43ee4aeaaa36b9e8989229cded20c3e820634ecbd4293c9ee292b178675d2864983cda2bf27ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
4a2dd52f34d4f56879d2a0c3febec6d7

SHA1
ca45973dbf2437b85e532b30ace83437e9df97b1

SHA256
2740a79bb6e92bcd7e74acf2ada6f3574a5d286e975cb0d06c385d02f9c5c7d5

SHA512
d0b16da91b2a3383e21481865bdabf65ae4e22f90c298e7af718f54cb8759802c61a2b56a86b7c38a3790d0975b6f478da9ad1d2562f578055b0d4346a9f73d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
cb5b2cab8e2b8258bf6120a050987016

SHA1
c42d1340971cf4691aed2a09d9d3733b2ce5dd24

SHA256
3ac6c81adc82d1505f4f9401922768de7a51478f520d04646bad7c2c5295becc

SHA512
6914a287779803c1d02213c14497a0a305d87184eedcaed54d41fa953377786cbee0fedf00880c82f565e769899a7656ab667698abdddf474a44b8651058ffcd

Download Submit
memory/1768-141-0x0000000000380000-0x00000000003B4000-memory.dmp

Filesize
208KB

Download
memory/1768-142-0x0000000000380000-0x00000000003B4000-memory.dmp

Filesize
208KB

Download
memory/1976-149-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1976-144-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2100-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2100-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2356-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2356-158-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2404-69-0x0000000001CE0000-0x0000000001D14000-memory.dmp

Filesize
208KB

Download
memory/2404-70-0x0000000001CE0000-0x0000000001D14000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads