aa0e6657837f655c76d0d28ca748b1c8a917337459bc2c7deeb1688dc628ec4e

Analysis

max time kernel
143s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a888b6f553a234b701c21546fa0b541.exe
Size

208KB
MD5

3a888b6f553a234b701c21546fa0b541
SHA1

0fd1bbca094ddec1d662b83340a4aba8b87bf1d0
SHA256

aa0e6657837f655c76d0d28ca748b1c8a917337459bc2c7deeb1688dc628ec4e
SHA512

dc0664bb8dca7a71959d0deec9c92e608fcc31c7a56a5f785bafd10d45c15565e624b1846548003d04a47b3d6260a4c492851cd3c21ecb93c53b2ed43ce0e683
SSDEEP

3072:Ql2/rrWprOG4IjPexw7mB5LAYJxe+vbW7JVPFfraspRCEZLvBjwiUDGJ8Mub:Ql2/rr+hjQUMkgE+vahrTC+BjwiUCJI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2696	u.dll
2592	u.dll
1804	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2240	cmd.exe
2240	cmd.exe
2240	cmd.exe
2240	cmd.exe
2592	u.dll
2592	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2240	2200	3a888b6f553a234b701c21546fa0b541.exe	29
PID 2200 wrote to memory of 2240	2200	3a888b6f553a234b701c21546fa0b541.exe	29
PID 2200 wrote to memory of 2240	2200	3a888b6f553a234b701c21546fa0b541.exe	29
PID 2200 wrote to memory of 2240	2200	3a888b6f553a234b701c21546fa0b541.exe	29
PID 2240 wrote to memory of 2696	2240	cmd.exe	30
PID 2240 wrote to memory of 2696	2240	cmd.exe	30
PID 2240 wrote to memory of 2696	2240	cmd.exe	30
PID 2240 wrote to memory of 2696	2240	cmd.exe	30
PID 2240 wrote to memory of 2592	2240	cmd.exe	31
PID 2240 wrote to memory of 2592	2240	cmd.exe	31
PID 2240 wrote to memory of 2592	2240	cmd.exe	31
PID 2240 wrote to memory of 2592	2240	cmd.exe	31
PID 2592 wrote to memory of 1804	2592	u.dll	33
PID 2592 wrote to memory of 1804	2592	u.dll	33
PID 2592 wrote to memory of 1804	2592	u.dll	33
PID 2592 wrote to memory of 1804	2592	u.dll	33
PID 2240 wrote to memory of 2664	2240	cmd.exe	32
PID 2240 wrote to memory of 2664	2240	cmd.exe	32
PID 2240 wrote to memory of 2664	2240	cmd.exe	32
PID 2240 wrote to memory of 2664	2240	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\3a888b6f553a234b701c21546fa0b541.exe
"C:\Users\Admin\AppData\Local\Temp\3a888b6f553a234b701c21546fa0b541.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\421F.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 3a888b6f553a234b701c21546fa0b541.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe5B1C.tmp"
      4⤵
      Executes dropped EXE
      PID:1804
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\421F.tmp\vir.bat

Filesize
1KB

MD5
e88f21a829f04c02fc51b8f478919eb1

SHA1
08abda4d48d783df8cb487cfb7d0edf763b96848

SHA256
d2094e9feb861206a458a758bd550ed020f5582d4b8838900c4a77f44e933a33

SHA512
e6ba6c90a8f37fc1c1d8390716cefb2432dce67f55b973820153d7d0843e2960bb1a52a69732b654d8c80a030b25c86f62c760432fd83168aaf8c39dec91d395

Download Submit
C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\mpress.exe

Filesize
64KB

MD5
fe56f554177a3fb37d1288438f25484c

SHA1
e1109031057902b9e4d27712c7b8d889cd3f7241

SHA256
5ce33d0d34d017bb7883185a13b71f15db980eaa7ffd1419567a4c5c42d5bfa3

SHA512
0930529f2023f105ae24b6297ce623cfbb823b43151ac5abe586811e8f8256fe142764ab3199360b67113760da909adf1abd97a6de3f80c0e0fdf695ce96a236

Download Submit
C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\mpress.exe

Filesize
62KB

MD5
3ec7eb6c2c219b4219983fdd6c332c74

SHA1
e5b128a9eb1ccabd127db8b5899f5ec32a1f2a76

SHA256
336ba46b7b3255733e05572f758a4822dabef79308d7d23e9370a74c60ed27c5

SHA512
0e268d89cd0f23d158d94e106a2830b551f6c4fa1d609b39f6ba7237b312710fc0347970ee58c909682447305ad16f7c39d8c85c8ba81cba473bf315f33c1053

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5B1C.tmp

Filesize
24KB

MD5
256233a5d3eea9b41e645230beae1aa7

SHA1
e224f2b691d1938a9580ec752d1c5de1017685ed

SHA256
cddba6bd4c84380da65492af085a71321d4c31f1800d0d4e8cb5fbd2a7c3a0ac

SHA512
922cc94d623e83be072f79750ff6ff391b9ee724d0f3b360afbd77f81dbe6bd1e173d7dc634b90a666da9d09d59efff7152fa473ada29736af0d588f9c4d0e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5B1C.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
101KB

MD5
9e2a587e77cfb76c81b4db7e5b13e17b

SHA1
af696345f35fe3b2fc88c393c3163fe9cfe7fadc

SHA256
98a8e2c91c90b8b62092ce89543acb954629ca643bf9895917aba98add1c9f83

SHA512
08c4a56c97a8d736f9a020e3baa94467427e3dc9e2fbd9726ecee01f387579b501137cf23e5d72d21976230eb9a16dcd94831e643d2eb2f548f7113ec25228e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
80KB

MD5
d7328665eb263ddf06ac390f24c95ba0

SHA1
8892f610300d1a661c1e3fefcf24fafeff5b002a

SHA256
d5dd5ca6fe7a1db337ab187b807fd397077bfb9f96dab75a0bfd9b6bb959e31c

SHA512
3d61d30168afb633511c77c2259eb7dae902cfe1228477feacb7e0abf622acab699ce7e7e72b245be147d19a201560e7a02243bb9dec90bb0cf508e20b118ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
80KB

MD5
73a9c38555f7dfbf58575bf03e479c81

SHA1
a971c53da188ab7085919c7848afdf1d45bc95bf

SHA256
a44fb5d4debe3fa7bc7d14617c54f919f2cbe8243f4c254ec3df98c2c73f434c

SHA512
b019f3c44d46a548c7e3cc1f238378e995b3f18c664c42e692dec035ed46bf19d7963ee47156eced53a487044da824b8c02bb579d1121d3a399d510f7a006603

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
168KB

MD5
faf87082ed59539b032125b1102492b6

SHA1
c0b128fa67d5bee5aac6a9fb8ec2877d2077a2cb

SHA256
85cdbdb442359864f3ac2c84a651a0e6a89e6e31daa48aab6472162385b06d01

SHA512
aafdf50940780222d15a1b811ecc6c640b37709e9086c6318ce4ac402b0ce3b4b9b72be103b1c3e8e0ef35a4d90cb15d6272757c46ab19b0e28fc0885b0f28a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
32cfeb3857d06dc6983d9da07f96715e

SHA1
7ead9d623ec1114c47a9337a19f93c38215d79af

SHA256
a26042fe1f87cbec1ac420c4d6d7c490abb05fb74323ea84baa3582bee1d557d

SHA512
c7f4afcdd0361ddf916de7f34dc6bd7f9151840464d434cef5b876ab1b283951f4ca71480cf4cda4b05071422ad49455a03959ac69cd7699a01fcd285a78fd40

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
a9ff88a97cc45225fddfe30d7ce3d61f

SHA1
6b04db610d7627e4378bbdc70d17d13073c03392

SHA256
e4d2e338294ceaffc1e814c1669c4094139924e349e7de651881224a5e404b1f

SHA512
b307f420390a5b8501139d732f01f079ad26f8f0d153b6ffc320b11564e56c152252e554d65584975a1ebdda2b715494670737d1ab2e72d28c1562529124441d

Download Submit
\Users\Admin\AppData\Local\Temp\5B1B.tmp\mpress.exe

Filesize
97KB

MD5
4edf0917563d64e40b16b7b75544bd64

SHA1
0c864e0ae75a12aef23ab90ab4be97d7790ab04e

SHA256
33ee96ae9ca8279d338bc2862f7f7a915a2ce961001712ed4523ecf0900b1697

SHA512
c1f12e3717ea6848e240146dc672592d31d3cbacee3970dec7a1c173c68835bf1becda4b1479e1b88b9dc39f38ee65a7f90492a0778d788fa48f6b5c147e5f06

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
107KB

MD5
581d98077f2c962c5e31c06dc6bcf831

SHA1
e336601c7e6244e265541c9278466f398a144261

SHA256
c38abf1d0410a2ac8a9fd8330efef902357bd417def8df80b7eba2ec9e7e8778

SHA512
464a4e6b8492ee320dc790442ff6725604b4af4daa95b9fa6de73c12d04d13c1f70a712120544b9dc2b44471ea6388a0936691ba00c9d0f34446f1eabfcf55a0

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
109KB

MD5
3acf43aa17de328b0a3886931a06b98d

SHA1
6176ee692baf3b8ae392498213db08c8021c0795

SHA256
c0552b3bc6dfe3d3ae82271f9b912d1a0fa0714e5cfdbf0c7ec01668b500b4fc

SHA512
5129ef586619c83ab8f76d5a6ba31c22f528d0e004198ce54d187197836c0e39d72d155a2ac0b0851a58d35c62456905d6b38ee4ac18e8d2f17b868a14275eb4

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
9ea19135c5f4066ec4b4d174e449a048

SHA1
e660123c8bdb78bd462f4409775cc001fcb48a82

SHA256
33480a20d4109e995a5b40b5185dbe50175489aa235675938bcd526b9a5491a8

SHA512
49983b1b29c84bf03f43f93d378f81da38ca3c07b5070ca0d9e0f0fdec3312fedca114a35443b1df4fde31c7396fa88a534da1280497b857fc32ef88ecd019c4

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
140KB

MD5
1387f4c3eff81d68bef137b3cd9d63ce

SHA1
414ddabbe878f08e153e3de2a1ad8ec7b576e324

SHA256
8ff815926aac9b2646307f3a8f759eee8205760aa6d42f9d85b7122402b9c65e

SHA512
f572097ffa515552b96f788875f3b8f9917dc61cabda7f94944dcc7018360c170e28e845d355210f6ba4fce1f511b963efa48a2064ec078c6b03d2de2d023689

Download Submit
memory/1804-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1804-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2200-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2200-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2592-96-0x0000000000300000-0x0000000000334000-memory.dmp

Filesize
208KB

Download
memory/2592-90-0x0000000000300000-0x0000000000334000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads