67852eca5d4409f290df50303ae3f8c6fdd25705edf4fbb7ccd679cc4a7290bf

Analysis

max time kernel
143s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0698e6ceea4f7118afc303314e6692b0.exe
Size

209KB
MD5

0698e6ceea4f7118afc303314e6692b0
SHA1

3f811798e5e8aadcd0a074868ea5b1ef09ee1ede
SHA256

67852eca5d4409f290df50303ae3f8c6fdd25705edf4fbb7ccd679cc4a7290bf
SHA512

b86c2b1d798c479519a0ca947cc2a5e369a2d45529815fdc04b3a21274a87db4ae147ad061fdd687fd1fd164e7ed39e8df4f42dfb9fa3cd486a244f01e834300
SSDEEP

3072:alhg7vQsk6FHwx8/80B/+n5j1BmOY/Pr4JKKq4he7octoEpaaUcA/NKTuC8UXmpQ:al2kWHwO9o9wg9qjv4OtN3W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2872	u.dll
2644	mpress.exe
1956	u.dll
1524	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2324	cmd.exe
2324	cmd.exe
2872	u.dll
2872	u.dll
2324	cmd.exe
2324	cmd.exe
1956	u.dll
1956	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2324	2400	0698e6ceea4f7118afc303314e6692b0.exe	29
PID 2400 wrote to memory of 2324	2400	0698e6ceea4f7118afc303314e6692b0.exe	29
PID 2400 wrote to memory of 2324	2400	0698e6ceea4f7118afc303314e6692b0.exe	29
PID 2400 wrote to memory of 2324	2400	0698e6ceea4f7118afc303314e6692b0.exe	29
PID 2324 wrote to memory of 2872	2324	cmd.exe	30
PID 2324 wrote to memory of 2872	2324	cmd.exe	30
PID 2324 wrote to memory of 2872	2324	cmd.exe	30
PID 2324 wrote to memory of 2872	2324	cmd.exe	30
PID 2872 wrote to memory of 2644	2872	u.dll	34
PID 2872 wrote to memory of 2644	2872	u.dll	34
PID 2872 wrote to memory of 2644	2872	u.dll	34
PID 2872 wrote to memory of 2644	2872	u.dll	34
PID 2324 wrote to memory of 1956	2324	cmd.exe	33
PID 2324 wrote to memory of 1956	2324	cmd.exe	33
PID 2324 wrote to memory of 1956	2324	cmd.exe	33
PID 2324 wrote to memory of 1956	2324	cmd.exe	33
PID 1956 wrote to memory of 1524	1956	u.dll	32
PID 1956 wrote to memory of 1524	1956	u.dll	32
PID 1956 wrote to memory of 1524	1956	u.dll	32
PID 1956 wrote to memory of 1524	1956	u.dll	32
PID 2324 wrote to memory of 280	2324	cmd.exe	31
PID 2324 wrote to memory of 280	2324	cmd.exe	31
PID 2324 wrote to memory of 280	2324	cmd.exe	31
PID 2324 wrote to memory of 280	2324	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\0698e6ceea4f7118afc303314e6692b0.exe
"C:\Users\Admin\AppData\Local\Temp\0698e6ceea4f7118afc303314e6692b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\8871.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0698e6ceea4f7118afc303314e6692b0.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\895B.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\895B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe895C.tmp"
      4⤵
      Executes dropped EXE
      PID:2644
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:280
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1956

C:\Users\Admin\AppData\Local\Temp\8B5E.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\8B5E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe8B5F.tmp"
1⤵
- Executes dropped EXE
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8871.tmp\vir.bat

Filesize
2KB

MD5
0d65c97e0a3c069e5810aa1cd50f1f75

SHA1
3535071568ee32fac28814e07cf41747649dc132

SHA256
f03c0ce2cfe8af46c207da0e073f5aa2b17cf37eea085f90e194c4e911fbc42d

SHA512
3e6d12b51d1ca596c99a8ccc3ec3f9d9124430335a1205311f9d1db81711a30b7b5a8abb816b3098de4aa1e8ef48199085b1298f1b1d4e478bcff76a9e49b559

Download Submit
C:\Users\Admin\AppData\Local\Temp\895B.tmp\mpress.exe

Filesize
69KB

MD5
69846b3110610855fb5a9363d17e68cd

SHA1
2cf1e7d3f01681faab04a8da628aa4736f7ad3b4

SHA256
208a26f483bcf08d0cebf6991100831a10c52c64e25689c91bd4a3ff2fc8b2d9

SHA512
528efd03833f7124e6c6fe6fb5749ca1ed3e1c6a5f7959021156da9d2022f1a533ca5d8d271ad520799b15a9c1640abf59f7999b4c140d204a808ec1a3bc7fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\8B5E.tmp\mpress.exe

Filesize
90KB

MD5
b08359e32c24f91274c50d6786920607

SHA1
460c021c1ad08c887d6c4cb18c89231de067a509

SHA256
2701980471e198447b0a9d8a9bce65a450acd159d7afd8032711c74f644bfbac

SHA512
79a257303d48360733a8d644e55fe2019787b1b3cbb8fb3ed205dc5fe064831588bb77aea328244565ea5c5f8d4f9eadbc252f213505406fc3164ef9b1a3c5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe895C.tmp

Filesize
41KB

MD5
827faed3d88c642edbcd53e2a41618a2

SHA1
cda90ce6b2b1925faf565e3af973b9fc6aa59fce

SHA256
92473c2d9143431dcedde2ad66ddba21fedec028a25c57abbe72548dec2613b4

SHA512
f47fc3b704ad593fddd87fd95fa6115d66c5fe8062f1f3bf7237140c79af193b8d7bbf220083d8c9ce8c7196af550b92a3a303c441cd4759d81a1745cce0c6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe895C.tmp

Filesize
24KB

MD5
3e87e6f1841be6baed79b8118b433113

SHA1
515d131092bc6baae2cc3f390a5e5e826431659d

SHA256
3567278b5960640e18a070ead1812f94f2c945cabacc3b171371ee426a9f3c00

SHA512
d76a46a08adaeefb6ec255ebc38966eaf4cd6be5415ecb6ea3fa858f52d153f69019f57d119d8c93ce7a0d3ebf9a981257c34bf8a34feae23c42864e7dbe5b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe895C.tmp

Filesize
8KB

MD5
c5398640406e5ff4a5c47cbe0f134c54

SHA1
c912fa5df7761bfd95a040bb2a9604f86abd58c0

SHA256
60b6f84c397888c327cff582e3d44cc6da25bb80f0337d0ee4245631b0c3e464

SHA512
7c43ccdf5febe079868f02353e8c40c8392330fdef32bf5590bb5b6336f6579c39c04d0b7942931deaeb629b5973bfc75aa151c27a000abb849b10bc4c0584a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8B5F.tmp

Filesize
41KB

MD5
233b3e39f58999357ecdde1b8892b2ae

SHA1
cc029dba8aba668b9d64aff4bfadc71f5cca96e7

SHA256
b5698a6c5e2ba58474807b1807151f3cd7974cb63bce9ed80981e970c3a01125

SHA512
af56faeab334e91d38799b155dde5e2acc336f1e0e07232712ffae89cfab5bd7a4a978d86a49ff5445fcd18084a7ce1af68ce918d3cf06d945e66321b8237b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8B5F.tmp

Filesize
24KB

MD5
d5d7a500ce4cfe0adb20c5b06b2b23b5

SHA1
d26f769434c7d6642dd613d18b51855fe6404358

SHA256
d85cc75acb93aa2563a96620ce29a9219c11956cba77d5008f8582014f288354

SHA512
2bea70748e0f8008599482510e40104a5a5eb4c2ebb0a64c2a83ddf59a7f9f067d412c5a2165d0967ed10dcd8aa22156758d53ae78940bf3546e843e36718892

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
154KB

MD5
5ff458bf6dceec5e9d27be7df1a691b6

SHA1
e6f287c9fe89d2c87497d485feb4c1088546015c

SHA256
db133e3eab9c451c19a5f9595a871240487ab59848e78dd8e455439ada06a81c

SHA512
59adbe3e499029354f89ce448bc9256e031ad9c3c12b6d99c287645506f5886dfb512d1294e1bec9fd5226734b86d0999de2c4035f5658ad11568c6c09232988

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
15KB

MD5
636418a42c4eef30916c3dba9ac04339

SHA1
5471a5d3303d365e5b6a76d049ae703cf6020255

SHA256
2f930df30cc6edc71f5be4811aec9c567b617c464a5d5d00b35fc23f2d5ce8e6

SHA512
3450c7a4446b91786cc6b45866595a22a74ee6412db5b9212cb0283629f4bcb6d52dd34638a47d8cb772f7e71bd3dc9901204d2f1dd07a85fa7053dad4fd6f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
111KB

MD5
5ab59a4341d8ccd5a268c2af76e50deb

SHA1
8a649b962c6d9d90325d49eac9915cecd8c82675

SHA256
44152e63aef4cbd3344d55d5d17587af61eeb403dc523130658615ec5feae961

SHA512
8600cae56b06410b660ceb6e4fa50ed74a41518e85a784a4ccc3b0941c271b235bfe7ec3cc9cb9526a03fe9149b4b8b4ab3b69d4f43cae656f6d417d104d841c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
77KB

MD5
31bcee834754ff14df468245a4895208

SHA1
feb19ed88dd2f93f32194286698119c466833841

SHA256
330bb5900ffacda36790a786944dbb1f3de983ccb0cc9e48518ae5395d199ca9

SHA512
3605aa6e298a2417f0f91c213211d73eeb06038d6210f8b0cbaff5648ab8906253794812b9db1831a983f527c6f0e4f1bb6b6197d30437bf8d457936a0e8e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
fce2323415b05387014d47b9ebf315a9

SHA1
9a14b6792e0b1179c7b0440c1df8cc6650fce54b

SHA256
f324a842e0db75209b825379527c1fa927da1a14979cdf0025116d7647d3133c

SHA512
c1ca76a95ae0fa1b75db5ae6e33e8c30407342592e9a24361cde5e403d3e0fb0cc7ff21420deebeb789011629f64e9567e56db5c0e1f1e7a8b678c22e7735107

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
1a0ca3537aeeb6245b4b0734a86571f0

SHA1
2967cc2ae9703fabaae0cd56fff953391e3f8b07

SHA256
3e7efd57fd03481b0f14bc46fbdbf27dc1a1a2e741803815e7361c376fd05941

SHA512
2532fddd762a0824c5f2e5b4ab51b20c1f1bbb4ea4ec47a0f3ec4c080b486a560037340e125909fb83cfcdac446e0ffaf3845457383f1ae7e862fc29d5adfca5

Download Submit
\Users\Admin\AppData\Local\Temp\895B.tmp\mpress.exe

Filesize
67KB

MD5
97982e3a8c9e14f9e4000f2348ac9b01

SHA1
45c777bf9744c7c5d1337c1a7d0f70e248a1796e

SHA256
9ae0ba7f294a36212d10c81fa667069b0bd0157f1f1ece33f1df070466dd947b

SHA512
af82ea59a8132ab8f8a9d621ead08a53c615bd7751c260dfabdfbd76168ce72522cd679bb4b31a6b86a8e1ac95c0876d2114b99da7757547f5588c69a8390f9e

Download Submit
\Users\Admin\AppData\Local\Temp\895B.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\8B5E.tmp\mpress.exe

Filesize
66KB

MD5
2993b7fe723779a2ecafe80a7db72082

SHA1
891d56dcf1a9807316c02290ec021cb5e80e51f5

SHA256
c51bf702a8d0a235447ce93fad0b3acd9e76c0b8fccd87d7b5cb042f5df3076e

SHA512
c60f18fd2f216ce14895cc055b168ca10295b3f03125b8ddfee477c55ab9d047fcb7f9138f018535368c38aac86d51792090a630ce59042c35b370d646a27417

Download Submit
\Users\Admin\AppData\Local\Temp\8B5E.tmp\mpress.exe

Filesize
49KB

MD5
16b14f8b4830f17de20f31ff79934158

SHA1
87a44840f64fbd248fb4a652b93f68912d0cb3cd

SHA256
1e339edabe0439978dfc75bc06fd15e5aa4fc9dfafe7ab984ffe5330830e8ea6

SHA512
438d1086bc76856bb30b95d26298e9fd9528ed76cc9f39202259f4d74ba961aff154d8b9eff55da9841f12c233a7d418f04b0e541ac611d4dadb7f4757bcd63e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
31KB

MD5
8ac2cce8330e099531e66615b1fe6a27

SHA1
bd2808cef9b1662322985004cb34fedea2861847

SHA256
fd6baf1ba8cab4d5373a2d309d43c5cbe7f38ecf9f04c88f0c4fb1222029f352

SHA512
3e44c94063331098b61b2885ca0c1127f50e45b17197895987ed3e3298970dd29fc3caaa549117ddcac387d51820fc7513736fa6f08167e5f2cfffb36bf9a168

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
132KB

MD5
35ddab13a4f67f41726156a9ca5881b3

SHA1
993e1cc6a5ce0adc7fae99af2f4adf72e924474e

SHA256
2ea3b138db9fe185a47255a478ca2136c12fe55e647308311c835c4af7f484e7

SHA512
5d42dd7df965387d3156a33a53387938661ea11393411d82785924ea34d43952169ca4b41cae04ae8363da1f138376105abff421a42889c05f770b69a4ccc0cf

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
35KB

MD5
cd197c67c1396b724b331ed40eb395a8

SHA1
def25c075fad80cc2373e42d79ab0e8d08aa83ab

SHA256
ea4c7bf9c9def42893a8532dcf12335b6524c441af59831b76c84af63b5575d8

SHA512
d8a0e1c05611eac8565f3d1f9cb93e257fdd1cdaf018d618c90881ae4b665bc0eb10d4a506f0157086802a57694111e0b95674a49ac7ab88edb117434abbfe2e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
107KB

MD5
d6f3db6728ee81f3fa928d5b00b48c77

SHA1
e59aec6d5846c064adec14be0b87e9eaa1a586b8

SHA256
a2d97dcdf98892e4d03d9b5fa6789e92b284464fa8515aee7ada1ead8da8d8c6

SHA512
280de192b6596ae11b2fa681bae3b7ef700cdfc2e95d8aa3a197c5b242d0fdae2b67869a6186ba8376646f0bb741e36f649317022fd2afad453832e087175932

Download Submit
memory/1524-144-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1956-137-0x00000000002B0000-0x00000000002E4000-memory.dmp

Filesize
208KB

Download
memory/2400-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2400-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2644-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2644-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2872-68-0x0000000001D90000-0x0000000001DC4000-memory.dmp

Filesize
208KB

Download
memory/2872-62-0x0000000001D90000-0x0000000001DC4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads