409cd2f19cd974a7f21d41ea4f1889fe8e322775c7f8865a1fbe2d3939b0d271

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

144f94374778bd0c5c7d94ec152dbd0a.exe
Size

209KB
MD5

144f94374778bd0c5c7d94ec152dbd0a
SHA1

6615023641d2d60d47b2743937b83d03763b8e89
SHA256

409cd2f19cd974a7f21d41ea4f1889fe8e322775c7f8865a1fbe2d3939b0d271
SHA512

84c4405633ca027eb68b6e39a9909826db3f7d6d8002e853ca3664b4b28ced200d48588c55484046fed6d1491a1bfe79b77304f6c6127e7919d9e723944ba18c
SSDEEP

6144:Kli51WYlEEIzjvsJc1sJ/Yj5Qcytts9mFER8:fKVxg/0xyttVFES

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2432	u.dll
2160	mpress.exe
2132	u.dll

Loads dropped DLL 6 IoCs

pid	Process
1416	cmd.exe
1416	cmd.exe
2432	u.dll
2432	u.dll
1416	cmd.exe
1416	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1416	3044	144f94374778bd0c5c7d94ec152dbd0a.exe	17
PID 3044 wrote to memory of 1416	3044	144f94374778bd0c5c7d94ec152dbd0a.exe	17
PID 3044 wrote to memory of 1416	3044	144f94374778bd0c5c7d94ec152dbd0a.exe	17
PID 3044 wrote to memory of 1416	3044	144f94374778bd0c5c7d94ec152dbd0a.exe	17
PID 1416 wrote to memory of 2432	1416	cmd.exe	16
PID 1416 wrote to memory of 2432	1416	cmd.exe	16
PID 1416 wrote to memory of 2432	1416	cmd.exe	16
PID 1416 wrote to memory of 2432	1416	cmd.exe	16
PID 2432 wrote to memory of 2160	2432	u.dll	15
PID 2432 wrote to memory of 2160	2432	u.dll	15
PID 2432 wrote to memory of 2160	2432	u.dll	15
PID 2432 wrote to memory of 2160	2432	u.dll	15
PID 1416 wrote to memory of 2132	1416	cmd.exe	14
PID 1416 wrote to memory of 2132	1416	cmd.exe	14
PID 1416 wrote to memory of 2132	1416	cmd.exe	14
PID 1416 wrote to memory of 2132	1416	cmd.exe	14
PID 1416 wrote to memory of 2036	1416	cmd.exe	33
PID 1416 wrote to memory of 2036	1416	cmd.exe	33
PID 1416 wrote to memory of 2036	1416	cmd.exe	33
PID 1416 wrote to memory of 2036	1416	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2132

C:\Users\Admin\AppData\Local\Temp\10E2.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\10E2.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe10E3.tmp"
1⤵
- Executes dropped EXE
PID:2160

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 144f94374778bd0c5c7d94ec152dbd0a.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2432

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\10B3.tmp\vir.bat""
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\calc.exe
  CALC.EXE
  2⤵
  PID:2036

C:\Users\Admin\AppData\Local\Temp\144f94374778bd0c5c7d94ec152dbd0a.exe
"C:\Users\Admin\AppData\Local\Temp\144f94374778bd0c5c7d94ec152dbd0a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\10B3.tmp\vir.bat

Filesize
2KB

MD5
dc0539cd690be79366ea78c520d7e56d

SHA1
dfd1807bf5b22ec6e16b00c824b326f2de774b45

SHA256
feafc208f5fd724960a01d539f0bb2f8ba81c2029cccf097317d10293caaed24

SHA512
51afb26f064894d35dbd16f6db2705f0d121a986b67731d7f8b77761e099fa1c713d27b25687aab054417644a043c27bb04462166ccf32c75e251b737994fd5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
94KB

MD5
f2a03a6beb16bba96be9ab72a1526bdf

SHA1
01a64798a011ee623981a0de68c26899584dd3e6

SHA256
d46ee06d49c794f687ba714ac95a27ae032605657af12a2c7c6c113050da941d

SHA512
a30d13c2977519ae7698378577f3fa80efe0c8fca5d706e552249f5b828616767ab57babc054bd7aa8e086ab60974b88e7c9b087622e25a45faa62864855daa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
3ead3d1666a7ba5496ca7f0bdba490e6

SHA1
1c2707e1ed0b80eceb9e222e7c12e922e1ad1a13

SHA256
9c86a7b9cbd93a18253b5101b8a4272f9396e752177b5a49520384df06f18f5d

SHA512
147d684c5f73aa2aadc05c01c9aa31e887242edf53b97f151024ddf84384b2517dc6bd9a7bb52d9c607f47583b7b4868e809ad042e7f8e951e6a331004c62335

Download Submit
memory/2160-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2160-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2432-67-0x0000000001F50000-0x0000000001F84000-memory.dmp

Filesize
208KB

Download
memory/2432-62-0x0000000001F50000-0x0000000001F84000-memory.dmp

Filesize
208KB

Download
memory/3044-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3044-108-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads