b8566395db8a7752b12223119ef210d55e51b6ee906c57dbdc5ca505a6ccc5e1

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

235b3ee1a7c5570876dfac8782ad9bc1.exe
Size

209KB
MD5

235b3ee1a7c5570876dfac8782ad9bc1
SHA1

8795b868f7b1ee71ba6b8deea912a47ff562f8f4
SHA256

b8566395db8a7752b12223119ef210d55e51b6ee906c57dbdc5ca505a6ccc5e1
SHA512

a4e97e7c223603779bc41392400808d02dadd7b5fca041f3007f8a2ba4197298feca0cc710cca80467705d240e35f26c4b499d6c90099be1d3d93912be866400
SSDEEP

6144:Hl0n6aub5h3U5ZUCM3Hq2rsHrdwRfjmjHIthNRBYazy5pno:2n6auxFQLq6D6hNRSb5pno

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3056	u.dll
2440	mpress.exe
2568	u.dll
2820	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2116	cmd.exe
2116	cmd.exe
3056	u.dll
3056	u.dll
2116	cmd.exe
2116	cmd.exe
2568	u.dll
2568	u.dll

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2116	1720	235b3ee1a7c5570876dfac8782ad9bc1.exe	29
PID 1720 wrote to memory of 2116	1720	235b3ee1a7c5570876dfac8782ad9bc1.exe	29
PID 1720 wrote to memory of 2116	1720	235b3ee1a7c5570876dfac8782ad9bc1.exe	29
PID 1720 wrote to memory of 2116	1720	235b3ee1a7c5570876dfac8782ad9bc1.exe	29
PID 2116 wrote to memory of 3056	2116	cmd.exe	30
PID 2116 wrote to memory of 3056	2116	cmd.exe	30
PID 2116 wrote to memory of 3056	2116	cmd.exe	30
PID 2116 wrote to memory of 3056	2116	cmd.exe	30
PID 3056 wrote to memory of 2440	3056	u.dll	31
PID 3056 wrote to memory of 2440	3056	u.dll	31
PID 3056 wrote to memory of 2440	3056	u.dll	31
PID 3056 wrote to memory of 2440	3056	u.dll	31
PID 2116 wrote to memory of 2568	2116	cmd.exe	32
PID 2116 wrote to memory of 2568	2116	cmd.exe	32
PID 2116 wrote to memory of 2568	2116	cmd.exe	32
PID 2116 wrote to memory of 2568	2116	cmd.exe	32
PID 2568 wrote to memory of 2820	2568	u.dll	33
PID 2568 wrote to memory of 2820	2568	u.dll	33
PID 2568 wrote to memory of 2820	2568	u.dll	33
PID 2568 wrote to memory of 2820	2568	u.dll	33
PID 2116 wrote to memory of 1448	2116	cmd.exe	34
PID 2116 wrote to memory of 1448	2116	cmd.exe	34
PID 2116 wrote to memory of 1448	2116	cmd.exe	34
PID 2116 wrote to memory of 1448	2116	cmd.exe	34
PID 2116 wrote to memory of 1704	2116	cmd.exe	35
PID 2116 wrote to memory of 1704	2116	cmd.exe	35
PID 2116 wrote to memory of 1704	2116	cmd.exe	35
PID 2116 wrote to memory of 1704	2116	cmd.exe	35
PID 2116 wrote to memory of 1628	2116	cmd.exe	36
PID 2116 wrote to memory of 1628	2116	cmd.exe	36
PID 2116 wrote to memory of 1628	2116	cmd.exe	36
PID 2116 wrote to memory of 1628	2116	cmd.exe	36
PID 2116 wrote to memory of 2028	2116	cmd.exe	37
PID 2116 wrote to memory of 2028	2116	cmd.exe	37
PID 2116 wrote to memory of 2028	2116	cmd.exe	37
PID 2116 wrote to memory of 2028	2116	cmd.exe	37
PID 2116 wrote to memory of 632	2116	cmd.exe	38
PID 2116 wrote to memory of 632	2116	cmd.exe	38
PID 2116 wrote to memory of 632	2116	cmd.exe	38
PID 2116 wrote to memory of 632	2116	cmd.exe	38
PID 2116 wrote to memory of 1128	2116	cmd.exe	39
PID 2116 wrote to memory of 1128	2116	cmd.exe	39
PID 2116 wrote to memory of 1128	2116	cmd.exe	39
PID 2116 wrote to memory of 1128	2116	cmd.exe	39
PID 2116 wrote to memory of 856	2116	cmd.exe	40
PID 2116 wrote to memory of 856	2116	cmd.exe	40
PID 2116 wrote to memory of 856	2116	cmd.exe	40
PID 2116 wrote to memory of 856	2116	cmd.exe	40
PID 2116 wrote to memory of 952	2116	cmd.exe	41
PID 2116 wrote to memory of 952	2116	cmd.exe	41
PID 2116 wrote to memory of 952	2116	cmd.exe	41
PID 2116 wrote to memory of 952	2116	cmd.exe	41
PID 2116 wrote to memory of 1804	2116	cmd.exe	42
PID 2116 wrote to memory of 1804	2116	cmd.exe	42
PID 2116 wrote to memory of 1804	2116	cmd.exe	42
PID 2116 wrote to memory of 1804	2116	cmd.exe	42
PID 2116 wrote to memory of 2148	2116	cmd.exe	43
PID 2116 wrote to memory of 2148	2116	cmd.exe	43
PID 2116 wrote to memory of 2148	2116	cmd.exe	43
PID 2116 wrote to memory of 2148	2116	cmd.exe	43
PID 2116 wrote to memory of 1028	2116	cmd.exe	44
PID 2116 wrote to memory of 1028	2116	cmd.exe	44
PID 2116 wrote to memory of 1028	2116	cmd.exe	44
PID 2116 wrote to memory of 1028	2116	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\235b3ee1a7c5570876dfac8782ad9bc1.exe
"C:\Users\Admin\AppData\Local\Temp\235b3ee1a7c5570876dfac8782ad9bc1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\9637.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 235b3ee1a7c5570876dfac8782ad9bc1.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\981B.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\981B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe981C.tmp"
      4⤵
      Executes dropped EXE
      PID:2440
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\9BB3.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\9BB3.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp"
      4⤵
      Executes dropped EXE
      PID:2820
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:856
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:952
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1076
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1032
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:768
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1820
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2068
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9637.tmp\vir.bat

Filesize
1KB

MD5
11a59a9fb2a7e8716dec59b64c51b4d7

SHA1
5e088f3f4ff095f395eda85ffc879d96f71ff0b0

SHA256
bbf120a5c435bbda13307c9545e149709a37d7a36cc17098952104383d63cf68

SHA512
d10d926c198c6e05fe52cd9b72872a2dd474cc42d06f5448224c992822515607820391ce80611e8565910144f92e7e9fab917ea97d2bd19c400ba4f95fc51475

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe981C.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe981C.tmp

Filesize
742KB

MD5
236c056876c8cd46dabb13750c7f4327

SHA1
c1890e26c6585056a70665f94c4c3e5db7d5ab83

SHA256
8b16dfab1ce9996f2bf46fd1726442243a13aa457616785e995e11de71449355

SHA512
2af3ab6e75b2f89743f7e7cebf5ccc6588a3447dfac7eef89a1327e9c731fffd6a5df8dec23ab05637df8d7169a445a566e887575a007179e727aa392c014b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe981C.tmp

Filesize
208KB

MD5
d88de17fa0cbcb260174eae7c7ff718f

SHA1
a36aaaaf60938cbc94de551f3c7f08b6cf05627e

SHA256
7a8efbf17c0ad4278416c240b5c26987f935605fbc31397766ac3907a7e9c005

SHA512
ff0db2ecf913cbbadb79af7c77beb588dae23e5b283dd18281cbd8dc62323b6fdbd9622588cdc6fbfd4d6bcbc8978c51431d4a9a2c99c3004dcc6dd5c811217b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

Filesize
41KB

MD5
71ce3645ecf4a753408f77c5a8bad638

SHA1
9b8252af055414bb69e5ce0f1826066c27c0d63e

SHA256
75e8f3a8df737002f0d4be1064a96490ca1c56148ea69781abaaa6299eff9b21

SHA512
79a8d69275afc627a9102e62f05d3867ef013a11c174dd4981fe31494d3f6e127032fdcc92fae99aaac2a485a6acdf0d7fdf6df120c53a024740ff1786f51c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

Filesize
741KB

MD5
79be0048e345f8db1a5cd6a67d73afe8

SHA1
f5c6cc77ab15f3d0552dcf7c08c388b56fe2ee48

SHA256
dae6e0668558bcb8f9bd9b4cde5e5acefc97b261a147af53d96265e7c07bfab7

SHA512
09e9761ff97c1651744a16cf955bf0009e17774f73486756dad4f35efd9d7c6cae99cd0fd88a42fc72c9d21c518ee4944d262fae0b4f14816eac7a6ec1660456

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9BB4.tmp

Filesize
207KB

MD5
e8c522b862feb8ad3e531c84cc2ad517

SHA1
5062b54a6a83aec3cac73fd9598f41b37a68de23

SHA256
65571fe62859b7a3bf031bbcf2cc6ba7f28292f1ff53c9865af25ae08669e4f2

SHA512
ed3541ddfcb4a22b4d0f95d47270494ceb128baeeb6d68d8ce7abea5e1a6c84148340826db1ed0699725dfd01485a7c32de950db05f464432a43f2f4670c9f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
02d5f9e3e9f85e1aa12fc25b10a97598

SHA1
17ebf3bb2bc7c703419033c608863ecc9510e705

SHA256
c56d4d092d3b2b1327202b8ea1d32cb5d88932a04c23d842b48f64b06c1583b4

SHA512
62537cf715971a7e27852037465851fe2d2d70ae5401945dd573cdc4112e9eaa7f2f286591fc4e0a0d85938b752ea4dd10961e0a5d037306807adff3d4dd54b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
ab84d6fc6c69ae2901110e865de81327

SHA1
06b46d166ac14a5a777678ca5c7067e19c510f72

SHA256
9b7ee27d4f5ec077ee25ce33a8c03da1f21f0c37a6f5e0c7cbbeb3159ee24171

SHA512
2c541ee368ab42083a7812e9caefa16350639922464008b631de3f3099830be7f1c86b478a959c8c8debdae3b68e4dbbcb6cb0359d5fd9ead327559450e24e6a

Download Submit
\Users\Admin\AppData\Local\Temp\981B.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1720-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1720-155-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2440-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2568-135-0x0000000001D10000-0x0000000001D44000-memory.dmp

Filesize
208KB

Download
memory/2568-139-0x0000000001D10000-0x0000000001D44000-memory.dmp

Filesize
208KB

Download
memory/2820-138-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2820-144-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3056-60-0x0000000001DE0000-0x0000000001E14000-memory.dmp

Filesize
208KB

Download
memory/3056-67-0x0000000001DE0000-0x0000000001E14000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads