01d750d287041305fdcb46a8bbdb4eccdc417db480e9bbc2ddcb8c638557c2aa

General

Target

1d927291104e15875557b22e48923be5.exe
Size

209KB
MD5

1d927291104e15875557b22e48923be5
SHA1

dfa0ede8f9f45c7d552779b24c548409c2b81980
SHA256

01d750d287041305fdcb46a8bbdb4eccdc417db480e9bbc2ddcb8c638557c2aa
SHA512

a2af564f36fc4635fc928bf03de446bb38e1e954a40f7999d25cb843db708df6afe343e173d766919983a765c936f187e0d5c4be309546b3daadb1a45f3f550b
SSDEEP

6144:Ol9cqNzKdJHmf7J3t4rYIwQemqIXtf8WOpIsYm+4Wu:kcqBKdJe7D4rpwQNqI9fNOAIW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2808	u.dll
2168	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2988	cmd.exe
2988	cmd.exe
2988	cmd.exe
2988	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2988	2696	1d927291104e15875557b22e48923be5.exe	15
PID 2696 wrote to memory of 2988	2696	1d927291104e15875557b22e48923be5.exe	15
PID 2696 wrote to memory of 2988	2696	1d927291104e15875557b22e48923be5.exe	15
PID 2696 wrote to memory of 2988	2696	1d927291104e15875557b22e48923be5.exe	15
PID 2988 wrote to memory of 2808	2988	cmd.exe	14
PID 2988 wrote to memory of 2808	2988	cmd.exe	14
PID 2988 wrote to memory of 2808	2988	cmd.exe	14
PID 2988 wrote to memory of 2808	2988	cmd.exe	14
PID 2988 wrote to memory of 2168	2988	cmd.exe	30
PID 2988 wrote to memory of 2168	2988	cmd.exe	30
PID 2988 wrote to memory of 2168	2988	cmd.exe	30
PID 2988 wrote to memory of 2168	2988	cmd.exe	30
PID 2988 wrote to memory of 2148	2988	cmd.exe	31
PID 2988 wrote to memory of 2148	2988	cmd.exe	31
PID 2988 wrote to memory of 2148	2988	cmd.exe	31
PID 2988 wrote to memory of 2148	2988	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 1d927291104e15875557b22e48923be5.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AB6C.tmp\vir.bat""
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\u.dll
  u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\SysWOW64\calc.exe
  CALC.EXE
  2⤵
  PID:2148

C:\Users\Admin\AppData\Local\Temp\1d927291104e15875557b22e48923be5.exe
"C:\Users\Admin\AppData\Local\Temp\1d927291104e15875557b22e48923be5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AB6C.tmp\vir.bat

Filesize
1KB

MD5
b870863a9ddfdff59cfec852d41825e3

SHA1
e2ce4b9acb46ba986e6bea720452e8670455503c

SHA256
e7aaf4d06ddcddc8770aa0e8f1d4291a1415b2f6a82dd596e859bc34bf90d666

SHA512
2369afba691021a5e9e1fe7b05cd1c07aad319aabcfeb3a615dd2e7c7d02a718e8b3b60a7ee890bb1297ba44fbe6665a2709597b2a57ff0e1e0b637fbbd38fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
10KB

MD5
fcebbc1a5b001eff7ee987947152a349

SHA1
646e90e4c2df4bf79ad39c25c8b2f5e7b984b245

SHA256
f7d1e582744a3b9dd1e300c284af715b828cb9a1e535e67dd09cbfc39aa2c5ee

SHA512
a921c331569c4203b1d7ad126c152ed2a81ee75c9eb90582db70732cdfd89717d26b022debb46bf271c5469e13dae35a3dac96bddb5e1420bf4e0f969a14d9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
37KB

MD5
15957fdda1f23a19f87655ba36f24958

SHA1
f9d1ed8221d0799f5aab7f0c872430b3744e8895

SHA256
4b57dedc1a8e84e7cb63afac4b72856e8c0633f2bebe4a8ef44ff36f6d542c05

SHA512
18c9536e674d15b14c227a62bd06fc7cc34449224ec82f7efab8ea5f401ccef3667be73049470b27bdbc0948a4135377ea5c1d21fae4df53a1020e2c62dbd167

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
1KB

MD5
9b960bd34b156ff4acfa2a14b6a9292c

SHA1
193729fb0475a0e31d89d47cb9bece778671415c

SHA256
5c516cd1a02ee440bbae6fc2349fd0bf6390988b8ec9213b3f8b8474940be2c1

SHA512
ab8492f570c3a8223931cf579b326fbb63919c6a2b025f3be847e83ae141a9b28c23834341331df4a1b0a5ab18097ca33308a99f3907c6d24feafdd7ca384358

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
39KB

MD5
caa755b7be72ff580d6961d7d922c226

SHA1
e8e75385fec58175339f4ab924462639ed83806b

SHA256
deea2b929de790036c1eff8eb25272e115ff7c58a3348eeb06c6565b6bb89348

SHA512
60b8ccb9a1832ea7e5aa30a681546c38e5f55334a9e050b9ae41df9695bff8267c331ea80d21411dfc3febd8f95dfaf626e5e8239f4dd3a22f0998b42e11677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
a7ccd556290f6fa035692ea484062ba8

SHA1
16f92759edfd11dd6f888d643135d9a241082229

SHA256
a1673e5ea6d6f8f269160cd74bcc97614340a853c068cca8ffade8e22fabe600

SHA512
083c90467513563fb25f62214e2b2e22149d59607afa9e8ca834a890664317a0d136d7b570616d2f255791d396e16b4725c281d09cfcdd0ba701ffd052bfc313

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
56KB

MD5
965bec4749f7cd98a6d8d05adb89a813

SHA1
9c28ec4eb18d07191f874665540d99a071f2ed70

SHA256
dc97824888fb8cbcf659f5e8df7c0f7956e650a22adf1e5040f36514a7ba84c3

SHA512
521beea3200b2c3b4a6d3c2d2a3764048d9ed6c821da1969678f8b700f3b9faba689a5b91a47d8870a12b07f9c4d1eeb1015534e9b4e025cf62b3f6deb1fd032

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
41KB

MD5
16fe6d310d6e54d268abbd6635d97712

SHA1
36483ef9f9305e229b7acb3f52f6fe257e64cb67

SHA256
3f67742265da0d644e1b71fb3f4d2c677a8f82a334b6f0b3493a535db4eaa9f1

SHA512
0088959c3dc19e5e02c777b61ba9ab8eee56afd33611c1912cede46d013dcbb71c4ac398d48312d7053870ac6f818bdccb0318da868830416e375709442f0ded

Download Submit
memory/2696-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2696-62-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads