67df51c1587268268648c688dd721e4de41b218672db56698d07454568b16606

General

Target

135cfbb4e5dee131c19348e8f7833e52.exe
Size

209KB
MD5

135cfbb4e5dee131c19348e8f7833e52
SHA1

11d750ddc38ff570d6cbf93293567cacc4093b6a
SHA256

67df51c1587268268648c688dd721e4de41b218672db56698d07454568b16606
SHA512

378f8752a5af55d81393e2bd39794880d1001d32b06813e49a90605a665bc784f8287e4f6bcf41d2b87c4edd330f4159d10e3edc2cb4c9f6653ee5e4919146f9
SSDEEP

6144:rl2kNX273b0/FT+/8d/ufk1uICXdlYTuDpIX:ckNm7r4FQsy1bXdlSopIX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2692	u.dll
2600	mpress.exe
2564	u.dll
2520	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2312	cmd.exe
2312	cmd.exe
2692	u.dll
2692	u.dll
2312	cmd.exe
2312	cmd.exe
2564	u.dll
2564	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 2312	1212	135cfbb4e5dee131c19348e8f7833e52.exe	29
PID 1212 wrote to memory of 2312	1212	135cfbb4e5dee131c19348e8f7833e52.exe	29
PID 1212 wrote to memory of 2312	1212	135cfbb4e5dee131c19348e8f7833e52.exe	29
PID 1212 wrote to memory of 2312	1212	135cfbb4e5dee131c19348e8f7833e52.exe	29
PID 2312 wrote to memory of 2692	2312	cmd.exe	30
PID 2312 wrote to memory of 2692	2312	cmd.exe	30
PID 2312 wrote to memory of 2692	2312	cmd.exe	30
PID 2312 wrote to memory of 2692	2312	cmd.exe	30
PID 2692 wrote to memory of 2600	2692	u.dll	34
PID 2692 wrote to memory of 2600	2692	u.dll	34
PID 2692 wrote to memory of 2600	2692	u.dll	34
PID 2692 wrote to memory of 2600	2692	u.dll	34
PID 2312 wrote to memory of 2564	2312	cmd.exe	33
PID 2312 wrote to memory of 2564	2312	cmd.exe	33
PID 2312 wrote to memory of 2564	2312	cmd.exe	33
PID 2312 wrote to memory of 2564	2312	cmd.exe	33
PID 2564 wrote to memory of 2520	2564	u.dll	32
PID 2564 wrote to memory of 2520	2564	u.dll	32
PID 2564 wrote to memory of 2520	2564	u.dll	32
PID 2564 wrote to memory of 2520	2564	u.dll	32
PID 2312 wrote to memory of 2876	2312	cmd.exe	31
PID 2312 wrote to memory of 2876	2312	cmd.exe	31
PID 2312 wrote to memory of 2876	2312	cmd.exe	31
PID 2312 wrote to memory of 2876	2312	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\135cfbb4e5dee131c19348e8f7833e52.exe
"C:\Users\Admin\AppData\Local\Temp\135cfbb4e5dee131c19348e8f7833e52.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1BDA.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 135cfbb4e5dee131c19348e8f7833e52.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\1C66.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\1C66.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe1C67.tmp"
      4⤵
      Executes dropped EXE
      PID:2600
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2564

C:\Users\Admin\AppData\Local\Temp\1D41.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\1D41.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe1D42.tmp"
1⤵
- Executes dropped EXE
PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1BDA.tmp\vir.bat

Filesize
2KB

MD5
4cc97b196d18d266dfd1e7b81068cf24

SHA1
361261b7d5e7f6842c450da5607f6cac5fce6b1f

SHA256
e4c951d57f979834e68dcb9714cfb22e94fbb95f5b31144f1fe09f763d1b5953

SHA512
c6812fd7127a327bf659c7c6e201ac99256dc3465a16fdbec6fc1a8a40bd91210423a6deea1cb24b68f00fe463f00872383a0ef0b3b5b9f6133f79ad57d7b0d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1C66.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1C67.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
85a95787b3d86dfd9c3721ce50ff9a57

SHA1
afc2f8c06fa4f99d10cf093c93c2cc82ac1d3ff2

SHA256
09282ccca0fae863c07c53635371df0abb8c3c270b8c032336cc5bcbf74d9146

SHA512
290cce4813fa9afa94b934688fb24aefc07c14035ceabebe09e111f49ab52cb2c448922957664b05fe3fede951949e7aa99b9bb39ed127b4c21fb811da74f950

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
memory/1212-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1212-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2520-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2520-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2564-137-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2600-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2692-69-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download
memory/2692-68-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads