7258d392d8f6db54bbed77ab472d230aa4113bc0cc72c0a77889b71621a8b4e6

Analysis

max time kernel
142s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2148398c3abeab63a4a0e102dd8982e7.exe
Size

209KB
MD5

2148398c3abeab63a4a0e102dd8982e7
SHA1

29681464a49db9d4a653655f6745be9fe3530dbe
SHA256

7258d392d8f6db54bbed77ab472d230aa4113bc0cc72c0a77889b71621a8b4e6
SHA512

106a53adc818be52251ce9ae0a76833cc11f5e4d689c6dc9ab9edf1d6edd82b7eb7c4ef2e8439c9d9afb676f4ef26215efa3a008c69feaa2eba03494f2ae2a84
SSDEEP

6144:aldZ3h5K12FHk9rRrzEccMOU6iwE8dLoWR:6Z3hsbtRXEccBqwdMWR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2780	u.dll
2748	mpress.exe
1972	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2268	cmd.exe
2268	cmd.exe
2780	u.dll
2780	u.dll
2268	cmd.exe
2268	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2268	2192	2148398c3abeab63a4a0e102dd8982e7.exe	29
PID 2192 wrote to memory of 2268	2192	2148398c3abeab63a4a0e102dd8982e7.exe	29
PID 2192 wrote to memory of 2268	2192	2148398c3abeab63a4a0e102dd8982e7.exe	29
PID 2192 wrote to memory of 2268	2192	2148398c3abeab63a4a0e102dd8982e7.exe	29
PID 2268 wrote to memory of 2780	2268	cmd.exe	30
PID 2268 wrote to memory of 2780	2268	cmd.exe	30
PID 2268 wrote to memory of 2780	2268	cmd.exe	30
PID 2268 wrote to memory of 2780	2268	cmd.exe	30
PID 2780 wrote to memory of 2748	2780	u.dll	31
PID 2780 wrote to memory of 2748	2780	u.dll	31
PID 2780 wrote to memory of 2748	2780	u.dll	31
PID 2780 wrote to memory of 2748	2780	u.dll	31
PID 2268 wrote to memory of 1972	2268	cmd.exe	32
PID 2268 wrote to memory of 1972	2268	cmd.exe	32
PID 2268 wrote to memory of 1972	2268	cmd.exe	32
PID 2268 wrote to memory of 1972	2268	cmd.exe	32
PID 2268 wrote to memory of 2036	2268	cmd.exe	33
PID 2268 wrote to memory of 2036	2268	cmd.exe	33
PID 2268 wrote to memory of 2036	2268	cmd.exe	33
PID 2268 wrote to memory of 2036	2268	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\2148398c3abeab63a4a0e102dd8982e7.exe
"C:\Users\Admin\AppData\Local\Temp\2148398c3abeab63a4a0e102dd8982e7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\673B.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 2148398c3abeab63a4a0e102dd8982e7.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\6A38.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\6A38.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe6A39.tmp"
      4⤵
      Executes dropped EXE
      PID:2748
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1972
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\673B.tmp\vir.bat

Filesize
1KB

MD5
4d8204df1022b35d737078e9be0db8fe

SHA1
1082e3aaaadb023f57af2166a7cbc2582bfcab00

SHA256
80f6cbb5361147b54ad640068b8618bf440189ed52bd6d2f70a3f1152d0bfb48

SHA512
4b30d9e553cfd30f8556f56c73c4558413091cce0be72cce4f8efdd927583f7d645c0bd3ab072b4732de288f7ed605699030bca7d4f95865c9e0e825e8c3aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\6A38.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6A39.tmp

Filesize
41KB

MD5
7cb94ab71579f67dd8167ccb854b359a

SHA1
74e86a56f85e57d281d3ef96e9a37e1cbdf00234

SHA256
94c019063145e6f988342dbbdad106f33eb452b627c2b49dab48e42491e84223

SHA512
bc25d4d61dce320e970c357d81acc8bf825ebece79ca49fd5cc7ab6c997e1f68d293a6a7efbf4fcf9720f1a955fec1f89564d736f70c610f8b09adc19663002e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6A39.tmp

Filesize
41KB

MD5
6572bc0962350cb2fa895839acfcede2

SHA1
d577d269de3d78dde7d559024648c01b645c6a04

SHA256
b331b68c78aa45c0cb82d963f26086dc7200984d32411dcb16549c80622ef1c0

SHA512
849243f1726751cb6b386338189f9cc20291d088ea8fa1de8efc163f01404a8478fd8bc3e12490ad7f9166afd5c856713bf976ee9a41259384a30a69a096cc93

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6A39.tmp

Filesize
25KB

MD5
98fe313dd90a77e6266cba25ea6ab69a

SHA1
5b38cdb6c0289105ae23aa6766d072e4e9810341

SHA256
0e9e5e55ac81f57f46ac8a1c3167f90586841fb0ec64cc8de8f6b621f797cae3

SHA512
3b90437411611895f4ce44542b2f917e32e9a7bbdc1dee81b7436cbd24652ed4f2a007f8c6960f548bdb7a79b380ab1a73bdfa8255bcee683751fd8a5f463337

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6C5B.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
6ce927128a6ddcf9b407c2411197e73e

SHA1
c671001e521c935e8bba4500b2df2489f2d9b330

SHA256
56cdee83198c8647afc67fcbde644526c939663be6dd7542f8e83fcada9daf77

SHA512
6ffede1fba3be271e59d49534e5b46963b2763eea468d14ac64545e1c3a46d8bf1219bdb97ceef19eb7ed95da75fb410c04f355d1e4e6985cab3bc46ba5f50bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
74bbacf0fb48869b45ed7f0f49247f65

SHA1
9fc7a78f237fd2a2ab529d9c4477962cd0e01790

SHA256
80e64c2815c2749286801398e7288a25c8763270a96c4ae9e2b7e1a179039333

SHA512
7191067cb190af48e84e96a4af5ea08d4008865a34c893308856e9ae1c82540c8bda4748902257bda70b7b35d7d899e5c763f208096a6d9e11e5c77cbe930ff7

Download Submit
memory/2192-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2192-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2748-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2748-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2780-61-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2780-66-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads