335a54a3b3e73bb29d44cb0188a1556d5a1490508de77793518c0a782eec109c

Analysis

max time kernel
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28b557cf7c7238b9af8a1f1c7e035a01.exe
Size

209KB
MD5

28b557cf7c7238b9af8a1f1c7e035a01
SHA1

c29b24c2840d4eb9215e2c90fe33a6f956ef11e3
SHA256

335a54a3b3e73bb29d44cb0188a1556d5a1490508de77793518c0a782eec109c
SHA512

57d18c3958bc111dc79d1954d533cc191de1841bdb52039a16bd69a9dff996af486969d78895c0205f4a6473ec4df927c36d996b42b4ef7b47d5893c0ff37cc7
SSDEEP

3072:gldA0eEdgNlgDv1BjDIVhnsRKwia3T3EdmTDdpo7lXkpbGeiaMtl2BU26C4XOQFs:gldA0h1jbjDPR4aD0dO3pbcaMlnZCT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2988	u.dll
2708	u.dll
2920	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2828	cmd.exe
2828	cmd.exe
2828	cmd.exe
2828	cmd.exe
2708	u.dll
2708	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2828	2124	28b557cf7c7238b9af8a1f1c7e035a01.exe	23
PID 2124 wrote to memory of 2828	2124	28b557cf7c7238b9af8a1f1c7e035a01.exe	23
PID 2124 wrote to memory of 2828	2124	28b557cf7c7238b9af8a1f1c7e035a01.exe	23
PID 2124 wrote to memory of 2828	2124	28b557cf7c7238b9af8a1f1c7e035a01.exe	23
PID 2828 wrote to memory of 2988	2828	cmd.exe	24
PID 2828 wrote to memory of 2988	2828	cmd.exe	24
PID 2828 wrote to memory of 2988	2828	cmd.exe	24
PID 2828 wrote to memory of 2988	2828	cmd.exe	24
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2828 wrote to memory of 2436	2828	cmd.exe	31
PID 2828 wrote to memory of 2436	2828	cmd.exe	31
PID 2828 wrote to memory of 2436	2828	cmd.exe	31
PID 2828 wrote to memory of 2436	2828	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\28b557cf7c7238b9af8a1f1c7e035a01.exe
"C:\Users\Admin\AppData\Local\Temp\28b557cf7c7238b9af8a1f1c7e035a01.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\898.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 28b557cf7c7238b9af8a1f1c7e035a01.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2988
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2708

C:\Users\Admin\AppData\Local\Temp\2472.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\2472.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe2473.tmp"
1⤵
- Executes dropped EXE
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2472.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\898.tmp\vir.bat

Filesize
1KB

MD5
b5d5499762eec1f9769753794f16ae33

SHA1
a7a691339b8e077bfeaba1f26c0ba6d885a0fbef

SHA256
b80370e0db261d4783995870e39b533d843ca8813a784b0181c5b7a6ff854330

SHA512
5f6be0c15d2e07dbd5211f8578301dfc860dea86afb1e3a3e8af9c6bf871a457f65db8c69c7f846aa05ddb9879fa75b64623b9e33973d936f2c9c02e63ddf118

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2473.tmp

Filesize
24KB

MD5
b799e4b3cff5cefeb8355cff4153f617

SHA1
cf39041f0b03033f148329b62c2f593ffb3ce8cc

SHA256
e6f5642d95d82404f0c87ce3b455c662ad247d533cc01b0f454d194b244207c4

SHA512
62e28c9cf91fd311d2dee021062a92eacf482455842a6f835afedfb368d84de089569ae032a37c85c05c4cc20d1e1aeeda2cda6e673fa42e00b80b19974b9f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2473.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
413KB

MD5
feb7d695e90185135de3b90d3a62e4eb

SHA1
bad4b248c23a4c833235f87931d78009f1de518a

SHA256
6042a3a9cdb198a1aff847c31cc2144a860007e8950265921c4e2b99ec371f8c

SHA512
1b104c086fc16b6c4f651d619b2bf723fde891f3a8c55cc14c24e153560cc5217f5e3b7141781f43b82a8a951079d68c2ab21f76c22a913acc243e794e5225c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
248KB

MD5
8d5a07330bd9af98c7713b2df941a2d3

SHA1
0cada1ceaf01167ecbf15fc107d9edffd6128d51

SHA256
2d60fba49ad06c3344cf457e10ad9f6160208cd1de83861e28b831a6eb008faa

SHA512
b42343f3c1afed4e26e0c51c16dbfe5b65cb468200b7b4cee8be83144f11593a1b558e800dcd011f7ac34ec9e3c693bd0e7280b71b6cfc787ecec70fc72fb639

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
312KB

MD5
02ad4ed6406636698799fe1553baf659

SHA1
9c6fa3bcc3aa864e81a09573ec95feba879dffed

SHA256
3b1100b21c2ce756583aef1875cf78fb8b29706e923cb184390525d43b14e60f

SHA512
71b14b468d012a4963c6619219844c9972601c3690fa1a47d42d2ac26c2be9b89d147500c8c41890df3dca9f347688d594af86a4b59e95d5c0461d917404789f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
427KB

MD5
3ec75fde4808828bb763b5f1b43028fe

SHA1
f90f0ed5a467bdc20053d0e4cc8169de4cf0a832

SHA256
9c1bb786528c43c94f90b2543315686290ea2671fa315900ce9a744a2026c70d

SHA512
9d8cc77b00488a2c4a9e762d98b95fd8e22c63fe4b1d696be9ae8a65a056c59d40f9e242769fcbab4be5353950cd86d7712b76ad8fe0a17c428a15c8ad588fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
938c53189f97d1e84a6ad473c89c8677

SHA1
f2aa832525553ad1fddd7d4eeaccb7c04be3a434

SHA256
2c7994b20a27aa566fc48d3d52a9817ab4df2f291fb6d7547639bc1ac6a984ae

SHA512
9d6f5096a01b721b312144d94ff8d169db1d510be32a648b28807c95704eab8cc74a0c121aa5c47d056de1507390c37bfc9cc8c81965774df4512c1a9909b35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
9b4bf89ab4f54d9dd8d72be0291e6209

SHA1
b222d0ed7909277accdc6dc7b783387f17889819

SHA256
1162d253e1095d994fec0eecba9ce46c1ece4acc6aaef72f5a0f6bd9cb670a3e

SHA512
f254b47852ac3a781e8357ee96755ff47a0ea1d24a95b4e031b1edbeab6201cf20bda0104d56d7e8a27c22e02327e1e1db5c0d456c7d528cc0f0c868e9e42bd8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
341KB

MD5
cabf0dcb14672864ade6a15246d80257

SHA1
1c0b2e2148a829c0bcd755964877e7cff72a9982

SHA256
6fd187e39d51a78b9776f27023d3d1d3b9535ff6009a0881670e0a83309329eb

SHA512
b23f437219a035c6ec5cb3b7d0308d7659db49c9a7cb1028f1b3cbc7df9f0a788759cbacec49728f1ebfc53a3f8fc6dcecd590dd74f2858bec295c709b70dcf0

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
260KB

MD5
ab9f43f3fd82b2f4e3eb3fb13485bc16

SHA1
a7c09e6eba70cc68c43844e18f070ee23ae73a46

SHA256
32fefa9ddecd0392461e424ab742b8db46075848cda490046e58ab943c46c64f

SHA512
f5957458932e55d56cceb29baaf8562770b39bf54fe79bd2278ab52ce5a3b825373895d5276551cf034a311eaa89bb8254b6fe9da0b209f0f189ff8e0666f532

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
492KB

MD5
a330d62b795d53f2c22f4d8a65a349b5

SHA1
3abfe98107904af7e4ed4c4d565a0a34d6caac4a

SHA256
4222b872d1df7d4154190c0fa303a00a68f41123dea8f6caeb803916d9a41774

SHA512
884f91f31ea3c7d88fb390a22a5cdd74ba035150355950927d86e5c1ff9c2b6d170927a8b6d6742b28a5615a57bb0ba2e80601cc488c7c6bf31de6f02d6601d8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
502KB

MD5
9ad330f3e880e229120cec9dcdbd4e39

SHA1
7602a1db3a14535188895f9c5829691f848b7013

SHA256
64c1880b15eed7e8f99b78112fa09dc1cba37ba12233023bdd18fbb476cb6160

SHA512
945954641050627cdca1d7fc6332c226c2d81330d9222ad686b145972f770fbbe318596eb78dece3a97d4f009a58eb15fffa30453c1e635e413a9023691cde4c

Download Submit
memory/2124-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2124-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2708-95-0x0000000000320000-0x0000000000354000-memory.dmp

Filesize
208KB

Download
memory/2920-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2920-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads