3d95b8e6583bd46b1ef303e710878984521970ee9b4067ccd2bbe5d6e91d0cef

Analysis

max time kernel
143s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23035024f4f47a34894572c3f9a87c0e.exe
Size

208KB
MD5

23035024f4f47a34894572c3f9a87c0e
SHA1

89a055b3f178e480e9d3d6f407d8ceb50fd1e0e5
SHA256

3d95b8e6583bd46b1ef303e710878984521970ee9b4067ccd2bbe5d6e91d0cef
SHA512

9fa4f3b0e7ed6fcb8dabcc1f1e46c475f12bda1f8f3513db6afdcd0332c031211a359b32f64bde705a006e148507e768a67313c54fe3c63747b82946b8775722
SSDEEP

6144:4l2/rr/hNgc53Flz9L49zliJgBOa0lNv:hfhKc5Lpw4gBj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2812	u.dll
2572	mpress.exe
1972	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2700	cmd.exe
2700	cmd.exe
2812	u.dll
2812	u.dll
2700	cmd.exe
2700	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2700	2540	23035024f4f47a34894572c3f9a87c0e.exe	29
PID 2540 wrote to memory of 2700	2540	23035024f4f47a34894572c3f9a87c0e.exe	29
PID 2540 wrote to memory of 2700	2540	23035024f4f47a34894572c3f9a87c0e.exe	29
PID 2540 wrote to memory of 2700	2540	23035024f4f47a34894572c3f9a87c0e.exe	29
PID 2700 wrote to memory of 2812	2700	cmd.exe	30
PID 2700 wrote to memory of 2812	2700	cmd.exe	30
PID 2700 wrote to memory of 2812	2700	cmd.exe	30
PID 2700 wrote to memory of 2812	2700	cmd.exe	30
PID 2812 wrote to memory of 2572	2812	u.dll	31
PID 2812 wrote to memory of 2572	2812	u.dll	31
PID 2812 wrote to memory of 2572	2812	u.dll	31
PID 2812 wrote to memory of 2572	2812	u.dll	31
PID 2700 wrote to memory of 1972	2700	cmd.exe	32
PID 2700 wrote to memory of 1972	2700	cmd.exe	32
PID 2700 wrote to memory of 1972	2700	cmd.exe	32
PID 2700 wrote to memory of 1972	2700	cmd.exe	32
PID 2700 wrote to memory of 2632	2700	cmd.exe	33
PID 2700 wrote to memory of 2632	2700	cmd.exe	33
PID 2700 wrote to memory of 2632	2700	cmd.exe	33
PID 2700 wrote to memory of 2632	2700	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\23035024f4f47a34894572c3f9a87c0e.exe
"C:\Users\Admin\AppData\Local\Temp\23035024f4f47a34894572c3f9a87c0e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\6F37.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 23035024f4f47a34894572c3f9a87c0e.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\70CD.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\70CD.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe70DD.tmp"
      4⤵
      Executes dropped EXE
      PID:2572
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1972
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6F37.tmp\vir.bat

Filesize
1KB

MD5
0e751a1f813d8431a065e32094072b6e

SHA1
793e2c7a454a9b7e22814063fbb3a441eccca797

SHA256
aeb0311aa03f4bac6c669f49c01541f55745bfdfdc0307b13de1de389e36ed23

SHA512
c61215df85fff0d41ba248024314801b1917c3fcd0d6f5cad96f0dd1d44f10bbb4fd5de182f3b45b2b34fd9761a534c52be6a46ff7cff5e2c72181b8cab12606

Download Submit
C:\Users\Admin\AppData\Local\Temp\70CD.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe70DD.tmp

Filesize
38KB

MD5
4c44474dc35269515632b048057f53a6

SHA1
7dca3a38b7bcbe3c114ff32a50a267b336f378f5

SHA256
ff63d2cd2eb82367d630ee59ea671aecc7d6fb32a9a4d991748311206ec66de1

SHA512
acaad7b6622490326bb2e00e166aab7efb8e6637570ffd0b3391d826ffd7091435bfb70f3a35f145e451a1996fcea2dce4a853b8dab5f0322c7b632f4ce809c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe70DD.tmp

Filesize
10KB

MD5
a7ae25381957ac40fa6af11dc23bee04

SHA1
3b4312d9f8dacff81182180ff6895490d80b38cb

SHA256
fed98f608aba5b60e225c042e62e24efc0adfda65194b6f9e544764a15c5572d

SHA512
c08c81f2b6c8c59af70c556611bc99d47acda663dcbc74b9e4821d6190d6865af4f103ba0ef3b6f28028fad0a99ae2251b983b482318b80ae7bf5831ae65743d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe70DD.tmp

Filesize
24KB

MD5
256233a5d3eea9b41e645230beae1aa7

SHA1
e224f2b691d1938a9580ec752d1c5de1017685ed

SHA256
cddba6bd4c84380da65492af085a71321d4c31f1800d0d4e8cb5fbd2a7c3a0ac

SHA512
922cc94d623e83be072f79750ff6ff391b9ee724d0f3b360afbd77f81dbe6bd1e173d7dc634b90a666da9d09d59efff7152fa473ada29736af0d588f9c4d0e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
138KB

MD5
a29f89d8ebd551ee6888418a6b7f3ef3

SHA1
1ad504951f539152929890ca2131907950a92ced

SHA256
8517c3504dcbc26e54843d9ee8eec03fbaa83700765c4df966499499e960f9f5

SHA512
46fbb49ab603c50b22ed4ef4021e6305e09440ec0415bbba420da0b54574173441125ec4342d4e966d0143e2033195d3d4c2912974bf8874b6832cf39dcfd8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
129KB

MD5
e8351c69321fb832c9048a36a281b7a7

SHA1
b7b5e9f1c54b8e2722bc699b2b8e4234f3bfeb03

SHA256
39819d963a0ca3063c19aead5ba382d2b5a799c9d8140cb8531d31f698509991

SHA512
920d2508d6ab87fe7d95bd795aead43df280de0387ccbacdf5892bed0214baa38824a632b81383d8749eb2389d0171b935b87ccd8da05dbb31a670d9415c4da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
116KB

MD5
c5cd7900de170409f25abbce46436469

SHA1
11ec7b56068f8977c5261961c8fdefdfcbd28ef4

SHA256
71240a4ab21e473e9c8eabb1af3c1aad1cac8bd4deb85a05d466b03965645926

SHA512
40743ab3934aed9e07aa781f50cf3266a05301afeb40a7f35ff87b74927989cf60ba404ccf2cb5a434595c12a6bbbda733ea323338a1455a5557c8942bf4ba7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
178KB

MD5
675003fea7d5fb1ee0798d1ea9a667cc

SHA1
453004c6210e557f629d0d6213c0452d5d5664f3

SHA256
f8897d0efc100c172f6ba43264bfc81b9f67c468358d54bb5c3e37efdd0dde8e

SHA512
0061b05415ad18f9721819417664e17f95fdf44c84f9358fe7d4d4f48e013a892caf5f6fa07bb2219016ff1c304ad094e4de7a84d9da3e800b865060d005f802

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
80618d647f3e6d5008c750090ea4425b

SHA1
9fd7b0ef0e74780124bb5fa0675dfacd288b8b0e

SHA256
aa7dfe78df5fdafaf443482536da42304fd10b3642e87ae96f4df61f5ac2d5b0

SHA512
6b19be98d0926e94d31268ffd036c85d6dc7b3645bec8c70c69df5934248b60e785e45a77d726004f9f1660d7a2d4e4adde55d7340716c3125c8b6361e4704f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
56ce278971f546a8bdd7f7113f249c88

SHA1
bc197db2e5a5db95b712fcdd5cc5f01a6bb36ab5

SHA256
005b455e4481b93e4977ae5fd25647d7f68f5d09338789d5b06376166e722a27

SHA512
f6f3f4798a30d893c55e03bd04782e6df87f0990f7b162ec43ef350024203a3dffecea06c9732652f43ded7e43069471f60dcf6c7d54545a68a9c1780bcf62c2

Download Submit
\Users\Admin\AppData\Local\Temp\70CD.tmp\mpress.exe

Filesize
8KB

MD5
5752d0ee34561ad2da6ac40e3f79e85c

SHA1
a7fe0fb07126560a5e54a6c81702bfea8ad9fbfc

SHA256
be22554d617e4dc1a3460dfd5632086168040bc2448913ec8d70b6442299be49

SHA512
e83f44b506334be0c8111cb4cd16de458aafb59b5cd6e906a987661fae9bd713e1495eaca4363cffece9b70cb333a36099d76a176da5525662a4c6b553511ecb

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
95KB

MD5
ef4f3bd8f0c6c0be3db588263507af28

SHA1
531681106d946e51746ff18f19fb385b626bfb13

SHA256
59dd706771ec51f42a44dd24a9a56a97da62f73b8d1d0468f4f1a08c44ca59ee

SHA512
bc1f8aa0b17c6e6721f8ebcea9d4d370940f4403c24c4514652e6312792949f391d82331a048cd61cff96b3c7aa03659018cf6773017a4bab1854712d20df4a3

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
105KB

MD5
228e6f41a0c0fc5841b8ef258781c944

SHA1
708af2d7e8504391f78ea15f40370ba4516a2ebd

SHA256
ef1468710a0a6ca645ec8cb402f8edd2399e5b10d855ef12b2cd1e36fd7a06d2

SHA512
43a0c5c0269452a6092b282001b822222d560658d517b5fc8a098af63320d596ceff96abc958bf9b1b38bd03fee1fb6e2e5ea069d8dec0a65c85b8b7cedec787

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
277KB

MD5
b5dc139fbefa711f9b1605fd7f1ac8ad

SHA1
5ba8be3a3655d38c9cc71a2e34cd52b98225c7d9

SHA256
ba451dd6040e5d0ab2c7edfc975bb9835e8502b377faa2946b54ca97f9fe60c5

SHA512
725aa9342b7a6e7c10788b8ae0f700876c2d5980b72f2602bae990c8777bedce6fee46f5b51e6865fcca142fffcda774e1b8286df952435adcf90847b767d4f6

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
78KB

MD5
f6dd204f26fd864be7a1284ce3b901f8

SHA1
009b963f8c46dabbc85405fd617eee4f8a9c7bdc

SHA256
84f3e98b8f8380ac7aecffd323a48af1b92f9571b95c1e6c52188ccb0adeb41d

SHA512
6cb4fbce9a5ba22694d0c6dd6e89fc296af6c1c45a24f444b027729fb31335243287b38d200f09353701c1d5c39aeb58660be35f7f2ec803210b49347aada063

Download Submit
memory/2540-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2540-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2572-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2812-67-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2812-69-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads