267d8cc1689679116d31f13d3fa9b5bd48b6aa327846c89e56c592fe2da1a3f1

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21bcb4b12052f3c175b02baeff3cd539.exe
Size

209KB
MD5

21bcb4b12052f3c175b02baeff3cd539
SHA1

cdc9d8047a529cbcf504a33083b48d573d751743
SHA256

267d8cc1689679116d31f13d3fa9b5bd48b6aa327846c89e56c592fe2da1a3f1
SHA512

616eed0d9d3a21f8bc1f8f0a2c7770d848e59dcb67f0d4ac4a8181c6a0bff96c053947655a5181f5c6ac3800d90272e7f8d8916012bb390bc3ebf67a8e10532b
SSDEEP

6144:UlsSFhzhXVW4u4Xzbn4SRMhIr5OR+2la3ca3VxNmrBHhFozg:jUhdFVuezbnWI5OR+HhFurBBFkg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2760	u.dll
2708	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2680	cmd.exe
2680	cmd.exe
2680	cmd.exe
2680	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2680	2476	21bcb4b12052f3c175b02baeff3cd539.exe	29
PID 2476 wrote to memory of 2680	2476	21bcb4b12052f3c175b02baeff3cd539.exe	29
PID 2476 wrote to memory of 2680	2476	21bcb4b12052f3c175b02baeff3cd539.exe	29
PID 2476 wrote to memory of 2680	2476	21bcb4b12052f3c175b02baeff3cd539.exe	29
PID 2680 wrote to memory of 2760	2680	cmd.exe	30
PID 2680 wrote to memory of 2760	2680	cmd.exe	30
PID 2680 wrote to memory of 2760	2680	cmd.exe	30
PID 2680 wrote to memory of 2760	2680	cmd.exe	30
PID 2680 wrote to memory of 2708	2680	cmd.exe	31
PID 2680 wrote to memory of 2708	2680	cmd.exe	31
PID 2680 wrote to memory of 2708	2680	cmd.exe	31
PID 2680 wrote to memory of 2708	2680	cmd.exe	31
PID 2680 wrote to memory of 2480	2680	cmd.exe	32
PID 2680 wrote to memory of 2480	2680	cmd.exe	32
PID 2680 wrote to memory of 2480	2680	cmd.exe	32
PID 2680 wrote to memory of 2480	2680	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\21bcb4b12052f3c175b02baeff3cd539.exe
"C:\Users\Admin\AppData\Local\Temp\21bcb4b12052f3c175b02baeff3cd539.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4FD5.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 21bcb4b12052f3c175b02baeff3cd539.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2708
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4FD5.tmp\vir.bat

Filesize
1KB

MD5
fef8850eeb3aea96e8ea4ff9667d801f

SHA1
7c36156f435ad8b24252f2ba0adafa1c7731e7fd

SHA256
d76a8a3841dc203c24090608dabceae8f0f3049a97af08500271bacf31666d5c

SHA512
3c07c3a269e098c09c795c24c2191987490321c0ce81bedb2b771de5aba434645ec3672cd2f687b2536a889ad24c6654b40860cdb1424155c751ebce328d24e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
77ba6153827a203577b5d79c941e801c

SHA1
6deb4bdee67f4fb1a01ffa702e7941220c00f5a0

SHA256
7df73edded92f9b3f8e0639a4acaac72fdee2358eb0325e5cd66b23b44ce9bf7

SHA512
65d6b016a9109dc3358f7952fef0eb520a79a3084cb6da4f30558ebfeaf127f046408366452b178f43fd75d5a077118301326899f0207ed38b96310273824ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
4355e52d3f4638979de2ad37eae2374d

SHA1
83f588d81925d90093307fe0ad85a799ee96ad48

SHA256
fb1f72387920f1faaf01daa14e0c82f5584d66b3c9af393d2df917ee4033c983

SHA512
365fe9532173a227aea473dff7304cd5c50465cace6490060ba669c39becd24ee3521e4d6ed1b6994bdb9c585d0ae645cf31e7126ceebd0f535220aba2928bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
a53127ac10a564fba09e1b98380ecfb1

SHA1
e4061f3eac459aa15a88d59b84bb72bd16dc44c5

SHA256
d2318c3586d1ebb60147f1def79a02f2017b00a86509aaa82a26c20e675b1bc9

SHA512
3ac185c5179866b4b7398b04a765bc32b54d88c9b9f6557d35b50a39672e82fcc16c635711f738c1fdb19bee8579e6d5d926ff7d928675d3db0e58481f24c5db

Download Submit
memory/2476-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2476-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads