313098e774018f4361923fc875a9cb2d9e6f073e74908deba605b8d2d9362c36

Analysis

max time kernel
140s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47a7a10865dc1b53c0b67bebe61a4422.exe
Size

208KB
MD5

47a7a10865dc1b53c0b67bebe61a4422
SHA1

bce14f250ae0fd85cf4d1dc2aef5be64148603b9
SHA256

313098e774018f4361923fc875a9cb2d9e6f073e74908deba605b8d2d9362c36
SHA512

9f0182a7da56190f14694679084feece4857de277df8d1cef9487f886a2a2219bb34284eafa92a45ff328504d31b3c1a3046c554519450cabd5d4482f170467f
SSDEEP

6144:LlhZKAY72fMsp4DSbP+KY5P6tRneYHOV7+RaCnS:BF4hSxEP4Rn/OV+RasS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2104	u.dll
2748	mpress.exe
2152	u.dll
1928	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2028	cmd.exe
2028	cmd.exe
2104	u.dll
2104	u.dll
2028	cmd.exe
2028	cmd.exe
2152	u.dll
2152	u.dll

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2028	2356	47a7a10865dc1b53c0b67bebe61a4422.exe	29
PID 2356 wrote to memory of 2028	2356	47a7a10865dc1b53c0b67bebe61a4422.exe	29
PID 2356 wrote to memory of 2028	2356	47a7a10865dc1b53c0b67bebe61a4422.exe	29
PID 2356 wrote to memory of 2028	2356	47a7a10865dc1b53c0b67bebe61a4422.exe	29
PID 2028 wrote to memory of 2104	2028	cmd.exe	30
PID 2028 wrote to memory of 2104	2028	cmd.exe	30
PID 2028 wrote to memory of 2104	2028	cmd.exe	30
PID 2028 wrote to memory of 2104	2028	cmd.exe	30
PID 2104 wrote to memory of 2748	2104	u.dll	31
PID 2104 wrote to memory of 2748	2104	u.dll	31
PID 2104 wrote to memory of 2748	2104	u.dll	31
PID 2104 wrote to memory of 2748	2104	u.dll	31
PID 2028 wrote to memory of 2152	2028	cmd.exe	32
PID 2028 wrote to memory of 2152	2028	cmd.exe	32
PID 2028 wrote to memory of 2152	2028	cmd.exe	32
PID 2028 wrote to memory of 2152	2028	cmd.exe	32
PID 2152 wrote to memory of 1928	2152	u.dll	33
PID 2152 wrote to memory of 1928	2152	u.dll	33
PID 2152 wrote to memory of 1928	2152	u.dll	33
PID 2152 wrote to memory of 1928	2152	u.dll	33
PID 2028 wrote to memory of 1704	2028	cmd.exe	34
PID 2028 wrote to memory of 1704	2028	cmd.exe	34
PID 2028 wrote to memory of 1704	2028	cmd.exe	34
PID 2028 wrote to memory of 1704	2028	cmd.exe	34
PID 2028 wrote to memory of 1600	2028	cmd.exe	35
PID 2028 wrote to memory of 1600	2028	cmd.exe	35
PID 2028 wrote to memory of 1600	2028	cmd.exe	35
PID 2028 wrote to memory of 1600	2028	cmd.exe	35
PID 2028 wrote to memory of 1980	2028	cmd.exe	36
PID 2028 wrote to memory of 1980	2028	cmd.exe	36
PID 2028 wrote to memory of 1980	2028	cmd.exe	36
PID 2028 wrote to memory of 1980	2028	cmd.exe	36
PID 2028 wrote to memory of 2640	2028	cmd.exe	37
PID 2028 wrote to memory of 2640	2028	cmd.exe	37
PID 2028 wrote to memory of 2640	2028	cmd.exe	37
PID 2028 wrote to memory of 2640	2028	cmd.exe	37
PID 2028 wrote to memory of 1488	2028	cmd.exe	38
PID 2028 wrote to memory of 1488	2028	cmd.exe	38
PID 2028 wrote to memory of 1488	2028	cmd.exe	38
PID 2028 wrote to memory of 1488	2028	cmd.exe	38
PID 2028 wrote to memory of 1124	2028	cmd.exe	39
PID 2028 wrote to memory of 1124	2028	cmd.exe	39
PID 2028 wrote to memory of 1124	2028	cmd.exe	39
PID 2028 wrote to memory of 1124	2028	cmd.exe	39
PID 2028 wrote to memory of 1900	2028	cmd.exe	40
PID 2028 wrote to memory of 1900	2028	cmd.exe	40
PID 2028 wrote to memory of 1900	2028	cmd.exe	40
PID 2028 wrote to memory of 1900	2028	cmd.exe	40
PID 2028 wrote to memory of 1648	2028	cmd.exe	41
PID 2028 wrote to memory of 1648	2028	cmd.exe	41
PID 2028 wrote to memory of 1648	2028	cmd.exe	41
PID 2028 wrote to memory of 1648	2028	cmd.exe	41
PID 2028 wrote to memory of 1852	2028	cmd.exe	42
PID 2028 wrote to memory of 1852	2028	cmd.exe	42
PID 2028 wrote to memory of 1852	2028	cmd.exe	42
PID 2028 wrote to memory of 1852	2028	cmd.exe	42
PID 2028 wrote to memory of 1636	2028	cmd.exe	43
PID 2028 wrote to memory of 1636	2028	cmd.exe	43
PID 2028 wrote to memory of 1636	2028	cmd.exe	43
PID 2028 wrote to memory of 1636	2028	cmd.exe	43
PID 2028 wrote to memory of 1616	2028	cmd.exe	44
PID 2028 wrote to memory of 1616	2028	cmd.exe	44
PID 2028 wrote to memory of 1616	2028	cmd.exe	44
PID 2028 wrote to memory of 1616	2028	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\47a7a10865dc1b53c0b67bebe61a4422.exe
"C:\Users\Admin\AppData\Local\Temp\47a7a10865dc1b53c0b67bebe61a4422.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\9453.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 47a7a10865dc1b53c0b67bebe61a4422.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\9666.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\9666.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9667.tmp"
      4⤵
      Executes dropped EXE
      PID:2748
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\98C6.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\98C6.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe98C7.tmp"
      4⤵
      Executes dropped EXE
      PID:1928
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1980
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1124
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1852
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1236
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9453.tmp\vir.bat

Filesize
1KB

MD5
61fe045aa65711274c22f0763f4ba929

SHA1
bcd4afa9e4852b5f2f20aead3d53ded1168a693e

SHA256
99dd5afec1ab61d3bdf5871ae71cd6439e9e0e08a4691c8fa36825aefcf96e49

SHA512
5b4767a03e18d630311ee4b108c27f9028d69c89f45e40bbacbc9ea70414caeb83eb472c50ee7db7ef5bf4ba9b4c88d0b578799c5b94654a88ca5762cba2179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9667.tmp

Filesize
41KB

MD5
128d8a474434f0011d52427b0a8c0b6b

SHA1
873bc2da212534e2b9404d4bbec121daa4a2dd07

SHA256
541bd26d081ab2f2c77a06f817021e79cf8887bdeaf1bf2d9959f89387957209

SHA512
824bed7c8b309c35e20cef0d75588a4f6892be98cb2e59feb35e1ab8445feed354521ffb1e014366e08eda8fed6ddc6343284be56f1692bad4701229d7d0c935

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9667.tmp

Filesize
41KB

MD5
ad144df2929dd7fdf1f2c7c867dbe98f

SHA1
d639dc874337d759eb106ec8024ec3622734490f

SHA256
945a6be24a6911c202b4dd9734a8362d85cdeda599eabd06f125bb8252c459a4

SHA512
4c7f4bef5ab3f522e528480737ff86a453721a4277fb55f2b552d9f9c8647318205404dac0c1fb8ddb5e0c8a9f13d22fe2dcecbab71d19f3f742ca78fb7fc3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9667.tmp

Filesize
24KB

MD5
7b83af392b1a1bb44cb053319eab3bea

SHA1
6c62009e636fd8629ed04bdfc57756d2ae63d4b9

SHA256
0c2e10aeec39427797fa78ec93fd40ebfc00fdaef548d25b2ad39787689222d1

SHA512
c9f01df38257de252e33726b0552d154f620a9ef665b6622445bd9a813784bd9a54dff4632de7aab3cdfb1551055ee8b93e987277fd3c6efede2881866e1f562

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe98C7.tmp

Filesize
41KB

MD5
b83585e618a2580db7d8a5400fce6940

SHA1
47ebe2a2985471fda0aef6e66619e72cae02cfae

SHA256
4835975479c26d8a87adedc452e7b8efa80fb16f3f678cc29a19b2e9420a4836

SHA512
980ec4d4ebc312fc1f1f5208a40db6b53dccfd9189c0059d196169ebf7d0510977f347ea93d94a3196cdc38810a5cc31f29f54750f73be0800de65fecc534ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe98C7.tmp

Filesize
742KB

MD5
898270c9d8f4c58fd988076df10e5ee8

SHA1
3d3c0e40ea181f82d647908bc0d94b1273b35801

SHA256
ab39f75e8071977762e36af9aa6d9c82cd35c7c4e06e141c8275a6dde0361171

SHA512
922b385be8b7edf5ba8092341c313722cd0f8f3aa0740a456711ccda1c60e265ee0858f78446b75e3b4b4c7355e563b6bdd6e0dec3ece5ef9aee51a6bc0372f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe98C7.tmp

Filesize
208KB

MD5
05608d3101d3f25e74771dd008bed3e9

SHA1
1bc4ea5caaa7b4bb1930a9f2164ef795e5d1a858

SHA256
22d301573e039df69b8fbd6978a67264d653f3f7960689c704f065f03e9b661c

SHA512
5b3ca91e5f9dadf1b2afaae83c218c4c2be761c3e54a6e8708c470cc40726b45e095d82baf95d45258ec018cf0481694395b394574d1e77ed1bd4742f1bed150

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0d7a5598a61ab90416f47e5fbe8ecfe4

SHA1
79a72666f18bd5dd42b48cd7133ea17129bda0d7

SHA256
db399314f93f2a2e2d816a345571076401b968634ec12ab7b131e41fd79a2b72

SHA512
aec3e28d6c728cd257bb9f595569f7606d8ff6da5fc840ae874f81f8145edfbf0ae4c78fe597817045d22ba12281ed48a3bdb51d6e116848757c76d15492feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7973229af1d00516488612cabf2ea391

SHA1
2aea1a7cc521e3e5678b6fca59f0c53fe07db9f5

SHA256
80f641974edf88c4c91f6d92c7a2b4948a1463fa9306c47f2754eaa07d355c8b

SHA512
8106f715585a370e242542492dc1643aff8b3104a8636a74e9de8a4f35d14fea621c36734ee3511d89e2529be527b8c93be171fc8019b3216ff8637b7195053a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e8a722f87bdd9cb2661fc5cbc84ba310

SHA1
c4976dc53ce86a3df9f52d2d37815ee0d3e9b38d

SHA256
0fa5560f7138ec10319d9cf9d30008671e339974a7d1a47d9c8c64add6adc919

SHA512
7413dc3cc032c27c7979b673b7c4af48f4f5754784498285f7bbc091b24d73f854b3cf4b7ccaef176a76367c71692a5d1a643d649488deecd8722ecb49f26d18

Download Submit
\Users\Admin\AppData\Local\Temp\9666.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1928-139-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1928-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2104-67-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2104-62-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/2356-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2356-156-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2748-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2748-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads