e7bd5131c867932d9ddc43aae5168c207765497bbb7a04a2f63d71a9d87dbad7

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0658a6e948703b4ef67a1a85285ef38c.exe
Size

209KB
MD5

0658a6e948703b4ef67a1a85285ef38c
SHA1

e54e051a74b82ffc39f616e067a532734f908547
SHA256

e7bd5131c867932d9ddc43aae5168c207765497bbb7a04a2f63d71a9d87dbad7
SHA512

ce05dc55d35cf3adcf8c021e2e9524378b4ea15e093d211f544b0b47192bb8bd65addc7f7e7c29fe84c2be392d5435476fb585aa63adb87dc3ce00660e7b6dd5
SSDEEP

6144:dlNgwwSMUEVVQT6Y1DYnEdZSEDF+R9iu:1hwSFEC6Y10nwZS0FW0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2092	u.dll
2884	mpress.exe
2336	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2412	cmd.exe
2412	cmd.exe
2092	u.dll
2092	u.dll
2412	cmd.exe
2412	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2412	3012	0658a6e948703b4ef67a1a85285ef38c.exe	29
PID 3012 wrote to memory of 2412	3012	0658a6e948703b4ef67a1a85285ef38c.exe	29
PID 3012 wrote to memory of 2412	3012	0658a6e948703b4ef67a1a85285ef38c.exe	29
PID 3012 wrote to memory of 2412	3012	0658a6e948703b4ef67a1a85285ef38c.exe	29
PID 2412 wrote to memory of 2092	2412	cmd.exe	30
PID 2412 wrote to memory of 2092	2412	cmd.exe	30
PID 2412 wrote to memory of 2092	2412	cmd.exe	30
PID 2412 wrote to memory of 2092	2412	cmd.exe	30
PID 2092 wrote to memory of 2884	2092	u.dll	32
PID 2092 wrote to memory of 2884	2092	u.dll	32
PID 2092 wrote to memory of 2884	2092	u.dll	32
PID 2092 wrote to memory of 2884	2092	u.dll	32
PID 2412 wrote to memory of 2336	2412	cmd.exe	31
PID 2412 wrote to memory of 2336	2412	cmd.exe	31
PID 2412 wrote to memory of 2336	2412	cmd.exe	31
PID 2412 wrote to memory of 2336	2412	cmd.exe	31
PID 2412 wrote to memory of 2648	2412	cmd.exe	33
PID 2412 wrote to memory of 2648	2412	cmd.exe	33
PID 2412 wrote to memory of 2648	2412	cmd.exe	33
PID 2412 wrote to memory of 2648	2412	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\0658a6e948703b4ef67a1a85285ef38c.exe
"C:\Users\Admin\AppData\Local\Temp\0658a6e948703b4ef67a1a85285ef38c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\AE9.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0658a6e948703b4ef67a1a85285ef38c.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\B56.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\B56.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeB57.tmp"
      4⤵
      Executes dropped EXE
      PID:2884
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2336
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AE9.tmp\vir.bat

Filesize
1KB

MD5
da90b097e6600173e3f968b1fe3d2b7d

SHA1
61baee9d1b3fa20271984be4cfa39841eea7abe1

SHA256
0c489a9cc9c2f8c1e6308045136f115f76e5461b3959bdca8a1a5600a5722ff1

SHA512
1094b5c9edcf46a36c4c5e847d5b2dfb3dbd754fc831dc5641e867790c6f42387a482b9a6383b000c1d62824f386e6c8b95660bce0c110f357e6a1d465a3db4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\B56.tmp\mpress.exe

Filesize
91KB

MD5
66c1dd35af0efce990eb5fb41b0011ac

SHA1
8d1bd504ad195c3e4a9059e4d7b26ad484ebc6ab

SHA256
8c1d06dec64af0ccac7122ae2755dc51daaf5ced2858fad1bf7522a06802cfac

SHA512
f41a8b48d09106645c7e3f1aaa52e8c0c7fa6d84e272a8c5b0a095f48f7aa27169963d1641a1fc7e1df42ee955711df503ecec8417231a07ff65a81923d8d6f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeB57.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
385KB

MD5
52cfdf77d5ffda2272008c017392f38a

SHA1
2d3a6c376ce6dd057054f58adcefdf49c8965332

SHA256
715bbf24ae32543adc98eb79aa0a913a3a59cbffddb322d2222df5b9dd805979

SHA512
7171ac338c81470c20856d36132e1cdaaf2f27c686b46ab169c96f5ab85870551504e812e2a84cb50d23f1c3b004b1d8e945e5a9b65071a0fc6e2f55da34139c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
1d310987a06cfe7e852f16bfe36f8191

SHA1
8894f1a0d3031100b9ffcdfe71bca7f27bb6cde6

SHA256
cb631becc24e59851b865474a29ed13755b2ef9fa81d7684696d5ba9d0d3ef59

SHA512
bbaf3dcae8b3c009115626a7f047cd717adbc50cf105d8b3706ec05ca46a700b48156dafd877c6c9ec4990649f312f97916b2b660531bfe89ac1f3f49ddf71af

Download Submit
\Users\Admin\AppData\Local\Temp\B56.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\B56.tmp\mpress.exe

Filesize
3KB

MD5
eb7cb01ba971a60affb3798f0ef249c0

SHA1
d436a4ab4f12ec865d0abc4557c7f86ef74f5958

SHA256
eecea7b1c4fdf4de47dfc23df4a1eb0e05ffa39e0cb6a58e86cafd2f3572407c

SHA512
5a51d1baa8a683217e51874a81b41dbc82d19d193a86bf9d0f96d88da66f164bc723fe3192b9d5f546f5912591f8a6e547119fd884b8df447c5ed27ec4e06a37

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
133KB

MD5
945c11546742436a329c0479399da944

SHA1
c06fb4536be856cfab1a05f92f09746618f9d343

SHA256
175ee9f6136c06b1be82b7bb039bc9642f6e4529f714a9b3f29c87c80a28c219

SHA512
d9f858e6dec19c7d88502495609ae5d01ba586002fe1878a44768f3967a902fe6a9dce44e2505536abba2671cbd461760a503a2f9e18cfd33d7891c0fc0eef90

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
382KB

MD5
3981395ac550547f964f87a3f15e2158

SHA1
7538d14a77bbb4cdfadff74385f849199392bf74

SHA256
8ef383ea0d049c6972c81e1ecdde8d719d5d0cdda995fa1ab70a3ee32c4acb73

SHA512
700649f2d7180ce60457de5537544254c40fba9b8871312cf0f25743fcce46714b21c3cc079e80afbc342edd743e33e91b4e28e412315bcdfc8436170e37f1f7

Download Submit
memory/2092-68-0x0000000000390000-0x00000000003C4000-memory.dmp

Filesize
208KB

Download
memory/2092-69-0x0000000000390000-0x00000000003C4000-memory.dmp

Filesize
208KB

Download
memory/2884-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2884-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3012-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3012-110-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads