cbe27dabf6f300d955a1cd7449569e45383cc4272a10bf2c3f0aa6ea1ab3a5f1

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13498081e96318bb83ba8430d0bd0033.exe
Size

209KB
MD5

13498081e96318bb83ba8430d0bd0033
SHA1

d2f6e16d5dca646b47f7e3454ee545a107fe5125
SHA256

cbe27dabf6f300d955a1cd7449569e45383cc4272a10bf2c3f0aa6ea1ab3a5f1
SHA512

0c72d71498f9271f69d09cabf9ce506b38065f219b3cbd40439030f487ba5c0a7f6b4d6a44e44541c04971680309df143ec76eca1b4168ba2014d1f0dcfa010c
SSDEEP

3072:glxuF4BVYzyujAIwEu+aiBQ3FL0kpZMS/aWCJfUygHArSK0CY8eTbBbPwTb:glkXN0Idah7OWgmTCVQPwTb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2840	u.dll
2588	mpress.exe
1248	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2720	cmd.exe
2720	cmd.exe
2840	u.dll
2840	u.dll
2720	cmd.exe
2720	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2720	3016	13498081e96318bb83ba8430d0bd0033.exe	29
PID 3016 wrote to memory of 2720	3016	13498081e96318bb83ba8430d0bd0033.exe	29
PID 3016 wrote to memory of 2720	3016	13498081e96318bb83ba8430d0bd0033.exe	29
PID 3016 wrote to memory of 2720	3016	13498081e96318bb83ba8430d0bd0033.exe	29
PID 2720 wrote to memory of 2840	2720	cmd.exe	30
PID 2720 wrote to memory of 2840	2720	cmd.exe	30
PID 2720 wrote to memory of 2840	2720	cmd.exe	30
PID 2720 wrote to memory of 2840	2720	cmd.exe	30
PID 2840 wrote to memory of 2588	2840	u.dll	31
PID 2840 wrote to memory of 2588	2840	u.dll	31
PID 2840 wrote to memory of 2588	2840	u.dll	31
PID 2840 wrote to memory of 2588	2840	u.dll	31
PID 2720 wrote to memory of 1248	2720	cmd.exe	32
PID 2720 wrote to memory of 1248	2720	cmd.exe	32
PID 2720 wrote to memory of 1248	2720	cmd.exe	32
PID 2720 wrote to memory of 1248	2720	cmd.exe	32
PID 2720 wrote to memory of 2252	2720	cmd.exe	33
PID 2720 wrote to memory of 2252	2720	cmd.exe	33
PID 2720 wrote to memory of 2252	2720	cmd.exe	33
PID 2720 wrote to memory of 2252	2720	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\13498081e96318bb83ba8430d0bd0033.exe
"C:\Users\Admin\AppData\Local\Temp\13498081e96318bb83ba8430d0bd0033.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\38FB.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 13498081e96318bb83ba8430d0bd0033.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\3ADE.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3ADE.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3ADF.tmp"
      4⤵
      Executes dropped EXE
      PID:2588
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1248
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\38FB.tmp\vir.bat

Filesize
1KB

MD5
f967da6e197f9200c2bf7b4df70d6160

SHA1
20c7616269dc6ae0a1d890386ecd0093a2acbe97

SHA256
479f9295907c5d54b80c8cb6fba67f6b2d9e27af14e5b37551348a7b58e6a902

SHA512
50f7aa7012465ec1989e85f52653c06c46e8b7adff0cd0df2a97d2db41b6bac95f287227caa6d689f2e47021e0a9a5ed21cb354382501bb9c9f0307ede9ce9f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ADE.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3ADF.tmp

Filesize
42KB

MD5
abca087517969a31d6ed96ed859c6838

SHA1
77b52acaecd112d45ca0edf95230826d42cbeaef

SHA256
ce9bf92eb738677681b3b0ba883c5d2bb79921df50c5df6ae9ae49d97590c962

SHA512
172b96e70738c498134864001ee7709b4a7e8b53646a22fd59139232d8c01588ce4b46a4096f2de7e43cc9e20046d687f84ea4b78769f70ca6626e7f81e52ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3ADF.tmp

Filesize
25KB

MD5
6ea41dc2a0ff434485f56e4a11c8a64b

SHA1
6c4525e4e77f45bb9d06e1a0e89c27289a00a9cd

SHA256
47028926c0824bc07e1f951199da5cf6e4e66d0a50b5e22ae7c868b596cfdd5f

SHA512
2d69435ae6fcf8d556ed58610c9bc92e1d57e7d00e84a64438fa615e7589ea4a3cfb5b26d1ac5a3b38767fd6ebd6410e9613f1f249469f01baefe27e7b795498

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3C75.tmp

Filesize
41KB

MD5
863c72510f3c30b4e2cd208090af8b92

SHA1
3c5a6732c904ba8c3004e257d5008beb5311b7af

SHA256
87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

SHA512
d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e4127ceb5db948172fd241be25b36358

SHA1
5a01fa3772c6d27630d50c73fadac9508780c51a

SHA256
f3e8cd29180b07115d0d33a3ecf0c542da05680aee99971aa7e9bd2423597f70

SHA512
13dd5db60d2faeaee632b62a3c92b323215931250ed8a1513a0af9b92c335dbf4b6c458e266bc08431eccff36256203dc81488e6f83185bdee737eed1a82883d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
661KB

MD5
2deb769ad36f24d1b8a5e5106639f1f3

SHA1
9030148a940200909d71c3bc8cc171f31b343575

SHA256
cdcad571f1f4cc6b29c7ef99b1afa32c5b19b797b18116ac6e09e544163d4a85

SHA512
d8571650660f1700a895b66a587066a317e544e5180a509c363e106c03e54b917ba0cdd76d5ad1240d1a4f87a212b564a246ea0468a9b165d7951ae2481e1a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
130KB

MD5
961c16161ad475d063c46c316d552c32

SHA1
e1bbbda7652c3d211a71203c70a61afb390ce058

SHA256
677476699e7d5e312c30f780206d1da795a5d82d532ae1e4495a566f4bdcabce

SHA512
7c087a04a9512561e8956ece6e0e1e43251b0ed9c75269aad32f653ed61744db148e71c7f33d85de5d6b7bb7be5af20aab1aa67655240a0047eaa625933d0a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
8e6101bb1bbcf17e4f639919448ee7a9

SHA1
09cfb3c1831af6e7d8c593cd3be3af4e123eda9b

SHA256
0abf2370750b3cda2fa2cc655d4d01a46a9aae2fe05535e837200f2949148a6a

SHA512
a18d84803754ae1591462f739a7023324fb1d5a1d6deb7486db90efd25445abe1d7ea9c293b4a7dd301461b00972098b4d9fd0f93a527a8af3986f566fcc5f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0a496eabfad12b1a2ebecb8dd26dde07

SHA1
b216323f29fa309a0444cbb10dff82dc37e27ce3

SHA256
dd32f7db03ea89bc6e3118e58f4ac113b9c2180a48880500e8563caa1bb243e5

SHA512
3920819c9bc83e71f416ec32919bc3922a2f7f52d4468347fc1d1738627939f74c6ac233ac57b5b964b552795097d45c8a4e5ffbbc02f56a1600825532e53a57

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
126KB

MD5
60015bc6e81cc81b2f912597d7b0beec

SHA1
1c6d16c6d150cf8c224788f710612e9dcb178dc6

SHA256
c246c51c4b49e86c257b468c651b4a3f607a22010d72043c4882b5ac77d806c3

SHA512
464399c44379faa3704ac0c1e9e251a62b9bf1b14c6d2554f552e4ad9aac9293bbd30a24626bc38bd72c9603f13961e335c9ead154345172ca4aa0ee5645f828

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
614KB

MD5
dddb4e6fd6b36f84aea8e2e641168202

SHA1
ea1d68c0ed7d9b02bc6c4b60f80eac33b81770df

SHA256
26abd3b016f4f2831bd1e09cf5a4141e16aed5646fa4d539ae5abf5004358c5c

SHA512
27cf2ae384c713940b06254bd11495d906add7ffd2429496d5a446aaff97cf40af34837c8807d59255c47ee28f364a6a5384309c1ae0256ee28acf9ee4e076ef

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
218KB

MD5
a62dcd220dff7bfd9a9fe355720380c8

SHA1
456223a2be8c2388bdf69521d8d1a618b013340a

SHA256
0d68786b631d0f7ec1c67e208bb3ff578d39a30a1f2f7180c22ccef0cc7a149a

SHA512
b25c0fd7f27b47333e66e00cc746557e4485fd3ee0b3c953a378422f9d42ea079d49f72d0d3b60bf870a9fec988a5fde59cc26a93847460cb1f3dfcfb974f82f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
291KB

MD5
cd1e71f72ca12ffcf2562093b265ab89

SHA1
32ec470f9e60d53225495cbd52b998ed4740fce8

SHA256
6769b659b18ec907d054c1076b915a7707b8cc7dd7d11876337a52f45f4437eb

SHA512
3bc98a817238718e669976294c85f057bfa992a56b9ab09e06746d2ea38991d33c43c635758761f384bb3e4d00c395c53ac16664bd93a513306b5748a453a0b4

Download Submit
memory/2588-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2588-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2840-67-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2840-66-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/3016-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3016-103-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads