f5bf3cea94001ed764513c5b3ba9232e7dd877eb3e4216a6aecd0ab3350cb7a8

Analysis

max time kernel
147s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022d1f96830b0c83dd6e673d53292077.exe
Size

209KB
MD5

022d1f96830b0c83dd6e673d53292077
SHA1

3987ca77830c77d3dcc08620a596f6f7d6373739
SHA256

f5bf3cea94001ed764513c5b3ba9232e7dd877eb3e4216a6aecd0ab3350cb7a8
SHA512

c6d6e9bf8dc7e17ee1a3365e748695e9357bc9a1aac6d469a664c7cc799bea52bd7d7a8e1d94f058701ae8f7205f77c8c4b08fce0100711d1c20399410aeabef
SSDEEP

6144:Wl7uBTzNsMDKg6TOKmtDYq6j/iSjcwRgy62:RTz+MV+mt0nJJf7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2900	u.dll
2600	u.dll
2628	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2320	cmd.exe
2320	cmd.exe
2320	cmd.exe
2320	cmd.exe
2600	u.dll
2600	u.dll

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2320	2536	022d1f96830b0c83dd6e673d53292077.exe	18
PID 2536 wrote to memory of 2320	2536	022d1f96830b0c83dd6e673d53292077.exe	18
PID 2536 wrote to memory of 2320	2536	022d1f96830b0c83dd6e673d53292077.exe	18
PID 2536 wrote to memory of 2320	2536	022d1f96830b0c83dd6e673d53292077.exe	18
PID 2320 wrote to memory of 2900	2320	cmd.exe	17
PID 2320 wrote to memory of 2900	2320	cmd.exe	17
PID 2320 wrote to memory of 2900	2320	cmd.exe	17
PID 2320 wrote to memory of 2900	2320	cmd.exe	17
PID 2320 wrote to memory of 2600	2320	cmd.exe	31
PID 2320 wrote to memory of 2600	2320	cmd.exe	31
PID 2320 wrote to memory of 2600	2320	cmd.exe	31
PID 2320 wrote to memory of 2600	2320	cmd.exe	31
PID 2600 wrote to memory of 2628	2600	u.dll	32
PID 2600 wrote to memory of 2628	2600	u.dll	32
PID 2600 wrote to memory of 2628	2600	u.dll	32
PID 2600 wrote to memory of 2628	2600	u.dll	32

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 022d1f96830b0c83dd6e673d53292077.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2900

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\6A5.tmp\vir.bat""
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\u.dll
  u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe
    "C:\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe228F.tmp"
    3⤵
    - Executes dropped EXE
    PID:2628

C:\Users\Admin\AppData\Local\Temp\022d1f96830b0c83dd6e673d53292077.exe
"C:\Users\Admin\AppData\Local\Temp\022d1f96830b0c83dd6e673d53292077.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe

Filesize
53KB

MD5
6e307d797f89f174b9256290511f3a3e

SHA1
ee2ba00c033744c6e98ebfce7168fe0f24ece70d

SHA256
c13881ad2bd266f90a758060f278f72ee7b93af0cb9394c5a9beaa4c9281ed39

SHA512
7e3ea3673d1866ca5a1fc696ff236ad44c88f9bb752e65802670b450c0f7a07fe8561f0fb933042a69612920c055c8d12dc467fc78c01cb710789d151df4544f

Download Submit
C:\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe

Filesize
48KB

MD5
d5fbfb1224822bcdbc7aa2609e7e06b8

SHA1
2335fe467e867e74866bbc427c480a3c94e62c88

SHA256
b46b57d025d6914ca2147185ab4edd73abac6b3691cde24c02995098220b8cd2

SHA512
0c4131202d4773b832211c676f2926d68be68bed57769651d7e87bcb2a175c304e404922dd8c5836610d0475bd1e176fec161d61b54f6937ecaf59cdfa1bd3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\6A5.tmp\vir.bat

Filesize
1KB

MD5
51ffd0d35275f67b7a006c10af26d9cb

SHA1
68e4ad8ce7dd25187419b0b76411eb09dae94903

SHA256
fa5429c9849716986b8da712516c1fbaed0a37ae2304f8d1fc290cb61fb63748

SHA512
ee1dd42515f4a9e3e811ca0f5848d68f30aa7fe9e2dab5b4b36161af0beda06a52e2e8d401005fce9a95a3f60f940e4144b2874484d0076c77674ce3059ca6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe228F.tmp

Filesize
41KB

MD5
b42fc7ca387fda5888c8c664dad2fd5c

SHA1
5768a859ded51822c8a476279f9b8a057c8e524d

SHA256
5c9c8f3e8e01c9012302ee25e49c6e4df2fcda1a2144715b825d2b88d783044c

SHA512
6722e95ddaef2ef79b39ce76faeb1c23de4b0d93d308a1b90ed550923a082b2281673b87c2234ea0c2ee10fa0eae880d2fbb49562ebd2ba93bc234a870ed4c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe228F.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
188KB

MD5
a168d2ddc15ab9d745091075913ea4c7

SHA1
67797f8fb0a49e6004a404dd9bac0cb9fdd086c6

SHA256
49e9e8c52a0374b2b5840f3b11d1990fa3378c0cb1633b1a1aed76a70f03d0f5

SHA512
90cfb58b8e86d536d6b7473dd0d7439e7dda8d32a38bd704c4091c6376363c58f7d9817cc6eae414730fe179dd89c48dad45e9569b95a9bb94992068535fe496

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
283KB

MD5
1ba7a4011c4e7d10c544d2ee844ccb12

SHA1
d8caca049118329d8162a8d675594a54ba810330

SHA256
268c201d9bf797fabddda9f9af3ac98b8af0f4ebccf8114db380af440a88ce0f

SHA512
22b98f4ccf675b9112d0dbe31dcef97b0e8399064a8efa36d7bcb21093d24da9f2f6c25a041442cae2170a430a856458393533820c6278403c1e5b34462b6136

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
216KB

MD5
bc3cc2956d264b787f2efa026f3e8e5a

SHA1
51bc3b11542975ea756ec7981bdab99bcc045400

SHA256
b9245a297d378066aeb17c4aae16f140fd4d2267bb0d10be6e6246bb911db0b9

SHA512
439665277587392cd868c2ec003fab87ff6a95d2759860320b1c89078fce4b8676143b3653a2abe8c923a3b89209eec983e6b31cae87f4855bacfebd19de241d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
76KB

MD5
68fed8eba0e8b1a49a6f476d5dd114b5

SHA1
71b8c1e1817610902de7dcad41716b731998ca0f

SHA256
301fbb9d8b85608ae89b9d6f024b15795504483f232b7b17c00ec8a1b79e02a7

SHA512
6cfef31816850f97758275eb8e69d7f75fd4d1c10a69eced454547eb79c65e4a68326ff127bd3062e1dea0744e879a928064999c51736a4ddbf0786e58b8b7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
8425858b1ba52e48501467d3140e8262

SHA1
0f91f8caffea1465709e76320786268cbe540b1a

SHA256
6372d5fe89facb1eaabdb464b239302fe542eb16a5c46aaa75fbcfd22d822794

SHA512
6bbd0757f7da25ddff92b9d277c1ecbf2facbefa545b5b47dcf5cdbfbc9dd9739f9672731abc8dd4122a4d339d3b9c2d15829823a2287e6b7440af0aaad12c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
4c46941bb7ba79cfea39a35572b4c667

SHA1
9972194c556e762c3fb810d5f832a241c99a51b5

SHA256
b8ad504669f947b9fcb027ce00968bed2303b330971585e8de9fd64b02cf604c

SHA512
022671d19d11acbb8894304c4884b6153bb0e218cd79a4edce58ff059c43f20beff6040a23579181c46b5cd29d924eeb79b5ae0ac4e0c3802703dc604ea7821d

Download Submit
\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe

Filesize
47KB

MD5
47bba902f530a2dc79226dbebf23d59f

SHA1
732164da28cd606d0edc20b7de962761ee6270c2

SHA256
1744b9c1e3291fc6398f945646191d808034e8d370d81084d6e88c67483f7f29

SHA512
790ef0fde0c30308f181e1012facc5d290e5e32fb0f70a88e60a372a1d564d249a8643ae324d1ab37a2812770c2f54a40e587f58294cc7a9620a7e7f26dbab7e

Download Submit
\Users\Admin\AppData\Local\Temp\228E.tmp\mpress.exe

Filesize
86KB

MD5
061ecae3746f14f2654a2b81ee0bca7c

SHA1
2b7df2a9ca4a1fd2f250be96f4f0a9fc30a44892

SHA256
b48b99b69c3f52af6d7e274dafb9eeb2665f6a494e6afab656cc9a7049b6aba0

SHA512
cbee790e0b9f53ac07684cffb6a52c5978fe9e8950ccfbe7abb1bf6550433521198f6ff9c0825f6b1233046b898587f9d6fab28b08d1c03819d6759e5fa03761

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
305KB

MD5
0d516006056a97b22bb27e9259baaad4

SHA1
988d6a612694b4afa179ea0b56e03ccb19bc8ea5

SHA256
a6a517fd9716d7ed5ecde035a6ce5d2957597d9b3774adcba1f5d80705218439

SHA512
4e065661b30cdaee3a068571f971ca256c737f55bd629479ef2210e7135504756b5c60165fefc080ad16b230ffd2cff3832f826216d6fad995d6721447a9b430

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
247KB

MD5
f6bbbf3cb8a3c7ad822148d5c979c178

SHA1
fc26a61cddddaeeaf770ff77ce4caaeaab1134e6

SHA256
38cad7e2eb558d93155e04421a8695b8bf80bc7bf5295546602bd9d4ec525f80

SHA512
fd3f0186d81f48f70950d649338f3a3df114b85a90ea99f5f0df7c6aaf3958b8e2a600507ae3798a08c57a1e4d9743f5435314b7ebe10668c3c0ed5e50bb08b1

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
81KB

MD5
1ff7651b6c9a5aa4e66f79f39f108228

SHA1
58f498e281e270cc578c1a4a4817bed7feff0e7c

SHA256
66a7ebfa89087dd847b1b3917c732cab902b41c830e6b9ad3f64697d1fc6df2f

SHA512
b7da0bdc81da20f1d70b2fb414dd2ea4714bd4bc20f46a897007582e8417eef5f66cdc6c0e7208142fa9f9f7305c7502c78beb891cd947aa30c743ebe29ee44b

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
103KB

MD5
879ef1e177b3f019a7aa69defe32aead

SHA1
f25e0e1f426e16f90d44b84601b92217229f65ab

SHA256
cd47e307c7fb673862aa3d1ce35aed2f65d07b72fb89012bff944584f71ef826

SHA512
35dbc64f457fc77322dec5099c2d47d24b504e3e6f6c205d5e3350f9f6eac0e0c4888ccfc64f3716f6ffa1dabd61e97641448f8e9330071ae75d3d2af2afe7ab

Download Submit
memory/2536-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2536-98-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2600-96-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2600-89-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2628-97-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2628-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads