66c44427916784b0306ce6824864168aa8ded1d5c7af6c8aab7ab5d47690fe27

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

472412b87ac1d33a5f0f2e99f8a96ec5.exe
Size

212KB
MD5

472412b87ac1d33a5f0f2e99f8a96ec5
SHA1

765d1ef1dc5bceae829845447ddf12514c7734af
SHA256

66c44427916784b0306ce6824864168aa8ded1d5c7af6c8aab7ab5d47690fe27
SHA512

7b009f62659d3cdd6382ddc1f15f6174c4a2b7a0090c89a8e45ad66fa902e5b89d1e762a653563e88c8ae94c2f5516f735b3970defafe4fbb3b8e92baec3e785
SSDEEP

3072:XlaJQ8oJ2x7rKkr2BUojuwIFEcEiEzRqgSV0e0vq9S4RF2T/2l8ESVofO:Xla2kprKkr0uy0cRqgSX+q9Sy2Di1AT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2760	u.dll
2544	mpress.exe
1684	u.dll
2008	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2692	cmd.exe
2692	cmd.exe
2760	u.dll
2760	u.dll
2692	cmd.exe
2692	cmd.exe
1684	u.dll
1684	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2692	2016	472412b87ac1d33a5f0f2e99f8a96ec5.exe	21
PID 2016 wrote to memory of 2692	2016	472412b87ac1d33a5f0f2e99f8a96ec5.exe	21
PID 2016 wrote to memory of 2692	2016	472412b87ac1d33a5f0f2e99f8a96ec5.exe	21
PID 2016 wrote to memory of 2692	2016	472412b87ac1d33a5f0f2e99f8a96ec5.exe	21
PID 2692 wrote to memory of 2760	2692	cmd.exe	20
PID 2692 wrote to memory of 2760	2692	cmd.exe	20
PID 2692 wrote to memory of 2760	2692	cmd.exe	20
PID 2692 wrote to memory of 2760	2692	cmd.exe	20
PID 2760 wrote to memory of 2544	2760	u.dll	19
PID 2760 wrote to memory of 2544	2760	u.dll	19
PID 2760 wrote to memory of 2544	2760	u.dll	19
PID 2760 wrote to memory of 2544	2760	u.dll	19
PID 2692 wrote to memory of 1684	2692	cmd.exe	18
PID 2692 wrote to memory of 1684	2692	cmd.exe	18
PID 2692 wrote to memory of 1684	2692	cmd.exe	18
PID 2692 wrote to memory of 1684	2692	cmd.exe	18
PID 1684 wrote to memory of 2008	1684	u.dll	17
PID 1684 wrote to memory of 2008	1684	u.dll	17
PID 1684 wrote to memory of 2008	1684	u.dll	17
PID 1684 wrote to memory of 2008	1684	u.dll	17
PID 2692 wrote to memory of 1468	2692	cmd.exe	16
PID 2692 wrote to memory of 1468	2692	cmd.exe	16
PID 2692 wrote to memory of 1468	2692	cmd.exe	16
PID 2692 wrote to memory of 1468	2692	cmd.exe	16

C:\Users\Admin\AppData\Local\Temp\472412b87ac1d33a5f0f2e99f8a96ec5.exe
"C:\Users\Admin\AppData\Local\Temp\472412b87ac1d33a5f0f2e99f8a96ec5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1610.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2692

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\1738.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\1738.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe1739.tmp"
1⤵
- Executes dropped EXE
PID:2008

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1684

C:\Users\Admin\AppData\Local\Temp\163F.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\163F.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe1640.tmp"
1⤵
- Executes dropped EXE
PID:2544

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 472412b87ac1d33a5f0f2e99f8a96ec5.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1610.tmp\vir.bat

Filesize
1KB

MD5
4d2667910812addeda1769f367221a39

SHA1
1d36e93b7fcaf777fd648a255d67996343e9cb2d

SHA256
7f1eb23591a2c9d79a22afdbb9dab0dcf30bb0f863476fba8dbaa2fb51f6b984

SHA512
4a76dac89e577aed270bc19d896e5898c78fc12dbbf79e75e4b288bd69059ae7b970a279e49fa7aa523d4b669985544aacee9eaac9aab518405ad556bc1de44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1738.tmp\mpress.exe

Filesize
17KB

MD5
7f41e63624dbde4034752626724ce31e

SHA1
1e4953cdbe47fa4bd25148d5bd4cf441faf035ca

SHA256
ceee6e3eba048b6fe35b1d6e680818a913ed717890848df31d27c2bea059433d

SHA512
a5221a3f60d78827fb38a1869ee0bf26114f92a2b6ba59fb4accbfb13389724d6b9391bb4cd74afc883b34ac72de786bdcaced1639ab1c75c1cd840cf6fab930

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1640.tmp

Filesize
23KB

MD5
1f6fc6dc73df426ec2d443743545dfad

SHA1
e6b1fa81c53d75d14f1db119c6a1b83fb56e56c9

SHA256
32a52dbf2eee5d1d650bc66172dce429b26d39e42f02b8cbee08982f84c8ebee

SHA512
f32a7f6ee4da4209fba4b14a10087e964de28489032ba159aa6a710befc396d310445b1f1213e826e4cc3c37beb7be0a55ecb9f99233f5be54cc2cbba67a0f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1640.tmp

Filesize
12KB

MD5
282c665dd1019299c2858149910d3b4a

SHA1
9b643154540a7954a8265a832d2d7be793e7607d

SHA256
c066bacb217eb38259f7a759771c946ad5e1e75a539d7ec005e8b656baf2a2c6

SHA512
5a76d3a4edecaf12765dad25a7428ea3b7d8b8b04b106072f447a0afc2daedaae29272cd994ad665c37196db07227d1c2773f3acd89101aa6916296f48d4d5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1640.tmp

Filesize
5KB

MD5
5635d0955c14357f09c8a6c81c00b46d

SHA1
a600035ae8daa0c74a3db7b04eda76494e21bbb1

SHA256
9220c5a314c791abd9f9caa5a74121747523f07ef40f9c637228622aba2a9157

SHA512
e1da3ed2b59bda9b7923fa2dd468ae6dcf3398d1ee566405617bb20d60d5d0fb507be613e1dd59d5b57ba989b1946743394e0b28dcd05c52360dfc5f9462923b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1739.tmp

Filesize
25KB

MD5
f26efa4a5cd2c6a7dc4c8cac33c6ce95

SHA1
22adc77f25e4694bb870d45bc26aee545c66a413

SHA256
d3e70396f7626a5437620c8a18e9b0e05d0987d080e2043579fa0656dfe25a4d

SHA512
d9c059fb595f61e1bd9287f29a1a7130ed3783c3be9b108ebbc3c588f5d20e6d5a9abb161c70887e89a2014f8ff6bbaeaa3cc91b02a64c804e4483448d38ac6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1739.tmp

Filesize
1KB

MD5
5da45d3447a345d277478aad6921e043

SHA1
c15809c8d0bffbdd0c9bcf1cd1c3fd93a369d036

SHA256
e46ebdd368275d7da4eab510a361fbd0b3fde56c3c3686fd096ae02a52df43ad

SHA512
bdd6bf6a2c192c0928da59abada48a5bf758ae9470ccb100655866b05d789a67249f548f942cef8dfdcf67055fef35f1f032744f5dced955be205b921ec1c923

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1739.tmp

Filesize
5KB

MD5
db66b12d9163978c89194be9406e824b

SHA1
010bcbda0b7278683cc7eb47dd77db3183c4a0d0

SHA256
2c60edd9876e975b00c1fca3ff3c02fd72de98df4f4a99f3dbc66765b7b1ed03

SHA512
8c52dbb0accc4540c78e63b25e2d649fcc6a337839af63b2e5232dafdc085b02b9eb259c3efdefad331bb6fcd3bb2ab7c752fa82d19de96b5007dd1040883a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
38KB

MD5
47fca418e1e3b219528dd02933b70c67

SHA1
894f8120a5d3f6be244b76fad559893eb217f197

SHA256
40e15022b1fdef094c58c6f5b60c19659950e41cf869dbd24dd70bb033664a61

SHA512
1e53f81b575612092022af4d727b1ac3a39361c92e6cea325533efce2c2fc51a020f756485c1b62439cfa814dda5fdc7c8c35b0bb3728f93f202365d9365bfcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
9KB

MD5
e55196159a8d029cb8a066515dca2094

SHA1
57061fdec70350ea58f9c0df231dd3b137f40d49

SHA256
cc8fad28a7432cbf1fbd231263134d753c040d85de38a2669a5a545f0d5124ab

SHA512
54ccad51a012a29963349c4e262f9e43a2a59ae8d078528044c8c8e884e1e7482bafaaeba91d0b83cb56e8873e4ade99d211b7b9e366d6edf647efd9a7b8dcac

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
32KB

MD5
d0ca162dddea22ce92719ea3dfcbf08e

SHA1
6d9acd2717bcaa2c26c953d7bdc1786e4324b861

SHA256
e47ae1a2f116a65fc48fbd4d6a3d82a1825f4b8f0b7d66f800e316a27a1c084e

SHA512
276e49774bf832d0104612d5825de082d53c3497b1d48df193e25676ec8cd8baecb25426a4687c5c1a12eb578be566923172743e8ea69e7d665f5b8b098b24dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
65KB

MD5
b4fecea65c8117a1eae8d15aa0ceab2b

SHA1
49853e42459c31ea62f84903e8bae72eceb91522

SHA256
a96257db6b84a3087b64387388385bcabd7eef5d3f366a052bd5eea7fed0e3ad

SHA512
de980153926332550b7365436ada954ea1544b66c61bfe5cd77d1297c59d0aade5eede9c27c7c3c17c5cf16464422180c1c5f0524fae6f3424634bdda1032ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
773c045898cc4a180a9a6f06afc24bd2

SHA1
e4f5964020398cb632125cd6a6b128eaaccab8af

SHA256
776d1f4eb35c321cc4f048a3b67b58fd867321878510ebdfee3f91c4bc39cffb

SHA512
ad52a2716efc997eb68a5c4d049ae6cf8bcaee358bf96f2c807ee9b3870f9b0618f7555d793735da80f39a6e4ace8dcb73a4e09fc0a3e50cf502deca3d95f5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7c8ccaa925afa1a13627946a15a618cc

SHA1
5cce5a5a2ac544543af89738df0a6cb3cd4ef484

SHA256
4f4ef93d343de8c86d4bde7fbf00ebea422438e83315900f479c35e56d226d83

SHA512
c6becf4256e515d8db2aec9b579891f4f62aae7d808acec14c755f9dea39ea7235b972c0820a404fc5e23c4eed63bebd8f9a75a0568bc1586c5f170fd9b01b9b

Download Submit
\Users\Admin\AppData\Local\Temp\163F.tmp\mpress.exe

Filesize
7KB

MD5
4ab8c93e648890416bb7e55ceb20f95c

SHA1
6727b8e9542c4857e871f9c48c6ccf3b36753b6d

SHA256
8fab35f34eeb199f85b9cee5065f29a754dd94fbf3ef68904bcad5b87d427acd

SHA512
3cc89e718e2f293b01c14f40471aac9fddd64d80ea4ef8cb418b6cceaa575edc77bd886850e2e074447afcab90ee046f23bb6d2b89166e802539673bf2b561bd

Download Submit
\Users\Admin\AppData\Local\Temp\163F.tmp\mpress.exe

Filesize
30KB

MD5
919b59dc7d5b3af0660fbce0179db130

SHA1
177663c4bf0fa3b0a82dc9a729ec988676319629

SHA256
66d9a4aa9b5671f72214bd5a339c3b0921659dc47fe3ec01dc3711acc7916217

SHA512
c11f6342e41b399c4fac7952e627ab460389ab2cbce496dbeb92a64f80953b0b5325a79e484dbf81b27b100aa9573a44e370db0b9287659a51a469a66b2338d8

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
14KB

MD5
0810e77093383ee2d9eaa388403e83c7

SHA1
9ef3fd0c866754b970744ff18ce25f719f641c1d

SHA256
6171d9c5eb1f760ef8559d91f8e3ca8e63a688af15133f0cf9a3762ca7ce8a2e

SHA512
07e8b693295099fe047cd06721cb896cd4872fe1d561aeb13b0d6abfed8c26b1d71f9420a6b15a08c704e5d4057ebb16302051c28f1f90bf462d300d36b3f8be

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
16KB

MD5
0f9abaaffdb7c0c9b00879b0bdac18a2

SHA1
7abcf3aa773ad44509d88ebca48684c730cfbb4e

SHA256
4228410efcc6afb561d34db75368b06ccf3d6964e20c87d45fa5aec00dde31a4

SHA512
a427e20b4a86b2a3ca3e55ca63a7963708c218420c8feac633a6126a4337df9559592cdd9f75e70fbd3f4beeb1ddf260b3d2ba76ba9cf447ded6bf59c792f32f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
21KB

MD5
2163ffdacd62aa874cca218801675688

SHA1
4aecf87b4ccce622a183da48afdbc384ed683582

SHA256
b2ccd798356d6b3e7e3b502589628b31342a9f017c487a4263534bd7deba6b22

SHA512
a8e6172027a7d214e23d05c607c996938330f6d60f1b6fac093d2915e59bd4286b68e51c140fc2f22349906988022ca57d5d9374be3b863c7d48c71859388204

Download Submit
memory/1684-138-0x00000000002D0000-0x0000000000304000-memory.dmp

Filesize
208KB

Download
memory/2008-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2008-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2016-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2016-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2544-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2544-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2760-69-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2760-63-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads