cc1f7538258f41717a9f9cb321513e63d83e0ae33ae60921ca21d6d9ec1a3378

Analysis

max time kernel
142s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 17:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3aa498a6750dae567873c7022bc48f67.exe
Size

209KB
MD5

3aa498a6750dae567873c7022bc48f67
SHA1

bf70b3b0090e52a0075ada7272876e2353738936
SHA256

cc1f7538258f41717a9f9cb321513e63d83e0ae33ae60921ca21d6d9ec1a3378
SHA512

ef154e13fa26a52229aae5fd603de6008a056c4ed725a39e6865350462b3a5b383f4e36eb764149e8a5394d570e6b1c1ae4b73bcf87eb2a3714df77e8588eb8f
SSDEEP

6144:Ql4mjZF//ZeOO24Bj2Ih41CwjaA0v2kYqOeJoOW:cr//ZeOO24Jh41aAQ5YqOeeO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2968	u.dll
2536	mpress.exe
1588	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2740	cmd.exe
2740	cmd.exe
2968	u.dll
2968	u.dll
2740	cmd.exe
2740	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2740	2124	3aa498a6750dae567873c7022bc48f67.exe	29
PID 2124 wrote to memory of 2740	2124	3aa498a6750dae567873c7022bc48f67.exe	29
PID 2124 wrote to memory of 2740	2124	3aa498a6750dae567873c7022bc48f67.exe	29
PID 2124 wrote to memory of 2740	2124	3aa498a6750dae567873c7022bc48f67.exe	29
PID 2740 wrote to memory of 2968	2740	cmd.exe	30
PID 2740 wrote to memory of 2968	2740	cmd.exe	30
PID 2740 wrote to memory of 2968	2740	cmd.exe	30
PID 2740 wrote to memory of 2968	2740	cmd.exe	30
PID 2968 wrote to memory of 2536	2968	u.dll	31
PID 2968 wrote to memory of 2536	2968	u.dll	31
PID 2968 wrote to memory of 2536	2968	u.dll	31
PID 2968 wrote to memory of 2536	2968	u.dll	31
PID 2740 wrote to memory of 1588	2740	cmd.exe	32
PID 2740 wrote to memory of 1588	2740	cmd.exe	32
PID 2740 wrote to memory of 1588	2740	cmd.exe	32
PID 2740 wrote to memory of 1588	2740	cmd.exe	32
PID 2740 wrote to memory of 2728	2740	cmd.exe	33
PID 2740 wrote to memory of 2728	2740	cmd.exe	33
PID 2740 wrote to memory of 2728	2740	cmd.exe	33
PID 2740 wrote to memory of 2728	2740	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\3aa498a6750dae567873c7022bc48f67.exe
"C:\Users\Admin\AppData\Local\Temp\3aa498a6750dae567873c7022bc48f67.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\8057.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 3aa498a6750dae567873c7022bc48f67.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\81DD.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\81DD.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe81DE.tmp"
      4⤵
      Executes dropped EXE
      PID:2536
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1588
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8057.tmp\vir.bat

Filesize
1KB

MD5
ecfbf35b219fdfcbb800abde1e830629

SHA1
6f78feec17af9cd96f78c9a8ff30b13c25a79996

SHA256
e7c932161c03256e497e7e97eadac273d9dfa25cc1bb513408305dadbd309f72

SHA512
ca4f8a93f6c764b4515e0686a8dc56a5c018806e55907576d6900201e8654ec1af78333c0030ea80c11ffa31e22b049f6f05e56ad79d40e123f69fe49570e777

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe81DE.tmp

Filesize
41KB

MD5
9cdcf02f847ddde1f3b62c676c5cc737

SHA1
1e28bc7716cb6adb55b1b397dbabbe31adba3cf2

SHA256
d7726cc05bcd788912a23fc85f233775da28cb0d4d2920c2be66e5cc69e2b7ae

SHA512
438303dceafa36ac40271d6b7759248357109cc479a53dd4eb472ab35d51f333f629be2da54fc113bcdcf2bb4bdf4201b5075351842d20d7e818c80a31b88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe81DE.tmp

Filesize
43KB

MD5
ecfe5eb73fb50b99bd430fe09dee9fe6

SHA1
7325fad145e9749a106db2c5de5ae188dc3e967b

SHA256
0c245ff76b9af42c9f77ff47b882c747cddb377e52eb6b9727c33c153b1eab01

SHA512
db4768b92f79eba196fc7fb74bed091ed94560cc337f96d23e655c096a69e3fc0bfa706e14b3eec6c17ba83ad4a5678cd80c9e80a5dd76b12e31fc0ca20c8df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe81DE.tmp

Filesize
43KB

MD5
9fb00b08a2bf0023185b93a5893be8e7

SHA1
65d12524dc907270067f48bc1825f38bfaa4c4ff

SHA256
ae6e808910f662c0ef3fd429adf39b43619ce82c8740bb2c2e15736cdd733c75

SHA512
df512082e50d9129a29e4db2f9aca382af2d56477db86bad7f7d5405e5b690ae041c317b722a7631116982d70f79eba7bf970754505b99e88520dba36b0d1024

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe81DE.tmp

Filesize
25KB

MD5
c86aa161a15e12970ce6fbe2f573eeb1

SHA1
967ddb2857d29cf3dbe323f1a9b1150d705a403d

SHA256
a2ee0db68795c5ecc51ff675b96981c1e836c8bc1b3e0a8f9b852a17f4cf2b72

SHA512
d30fff20426b121e73b0af5d8a3c6ab60b42c94ad4b88d32f6ebf104b55889017e6308990690d8add7aa9ed2bdef4de3c56231f6fe1a24f67f7eb8154c0b1389

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
ac3e2f16df5b8e004bc7528957957c95

SHA1
318dfb96abdc8e9d3778788dfdbb1f3dba885fba

SHA256
c53ac431faed8f5ab7c67b254f913efe0dceaafdbf26b02b930d07f45d840fe2

SHA512
4c60d3b255c38807a104e4362493dbf651fb8893633e94ee9a4c69770773f8d7bf95d310051154b9bd74d6eb1993626a5eb107e74e891d681f0398c64a7ebaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0b79b49f33a5f053590465e21d45fa33

SHA1
228b03c2db98e254c734480a8696fda13092ebdc

SHA256
32faa382887d43cff68652da36bfaa0ac62c40131313e33bab31d2f0462e43de

SHA512
fb20639b877b2325298eb0891c79b0fc1da8460f128b9f94418d94ca8e0c2fe38aea965926c82dcaf473c28f0078469e9783ae25a8275666a7b5c1d9d59d8b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
dc344d361f852a0505b223e907f8746a

SHA1
d664b1b5603fd94d0609ed48ee49c2d19a34c0a6

SHA256
6176cb65bc41f43aeab579a2dd0aa49c6617b3154df095f6ae3bfff13b6bd7f7

SHA512
26121d3c1d8f12ed1ef42e137bcfb9a656b57e68258e9fc71e9364755ed4df565122b97fbe5880b674b42fe08fb319f4e3ddf92570f398898ab4830359086fa6

Download Submit
\Users\Admin\AppData\Local\Temp\81DD.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2124-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2124-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2536-67-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2536-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2968-61-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads