8b180b4cdbc841de40fb864348059a7f3a67c0a1925900f5cc0bf442c996bc67

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4caf3ac71560c06f1c0df5c0d5d9a75b.exe
Size

209KB
MD5

4caf3ac71560c06f1c0df5c0d5d9a75b
SHA1

5e109bf1e2493bc92938c43671e6ffd5483557f1
SHA256

8b180b4cdbc841de40fb864348059a7f3a67c0a1925900f5cc0bf442c996bc67
SHA512

a80f33e3b0c7b4ed0dde1b18184dd6b81e1a5218f10bf37592c6fe95b6c3fa21ce28f94421f959e85fd9cfa6a57cb69164b9d39535e8a9fc8907f3ae8a5e90f4
SSDEEP

3072:2lV+n6auy/y0rit3uh2biDAMKVyeMWQNYKZPqDl2FjOiG+:2l0n6auyJ63u02DAFMYUPCl4qiG+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2988	u.dll
2708	u.dll
2920	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2828	cmd.exe
2828	cmd.exe
2828	cmd.exe
2828	cmd.exe
2708	u.dll
2708	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2828	2124	4caf3ac71560c06f1c0df5c0d5d9a75b.exe	16
PID 2124 wrote to memory of 2828	2124	4caf3ac71560c06f1c0df5c0d5d9a75b.exe	16
PID 2124 wrote to memory of 2828	2124	4caf3ac71560c06f1c0df5c0d5d9a75b.exe	16
PID 2124 wrote to memory of 2828	2124	4caf3ac71560c06f1c0df5c0d5d9a75b.exe	16
PID 2828 wrote to memory of 2988	2828	cmd.exe	17
PID 2828 wrote to memory of 2988	2828	cmd.exe	17
PID 2828 wrote to memory of 2988	2828	cmd.exe	17
PID 2828 wrote to memory of 2988	2828	cmd.exe	17
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2828 wrote to memory of 2708	2828	cmd.exe	33
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2708 wrote to memory of 2920	2708	u.dll	32
PID 2828 wrote to memory of 2756	2828	cmd.exe	31
PID 2828 wrote to memory of 2756	2828	cmd.exe	31
PID 2828 wrote to memory of 2756	2828	cmd.exe	31
PID 2828 wrote to memory of 2756	2828	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\4caf3ac71560c06f1c0df5c0d5d9a75b.exe
"C:\Users\Admin\AppData\Local\Temp\4caf3ac71560c06f1c0df5c0d5d9a75b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\83B.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 4caf3ac71560c06f1c0df5c0d5d9a75b.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2988
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2708

C:\Users\Admin\AppData\Local\Temp\2433.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\2433.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe2434.tmp"
1⤵
- Executes dropped EXE
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2433.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\83B.tmp\vir.bat

Filesize
1KB

MD5
bbb222f951953cc0ac88a4bcba3a0469

SHA1
24ab2ef5d0e07044579b038889557ba049729e7b

SHA256
2ef9079ae93464af62b88452c8422cc625ef1f8e1027d6bc6c3f4968c0bfa658

SHA512
186702cdcc0ed8420f7fdd164564a4c4c666fb9febd48dd37b249bc15397e9b88a9ae4aa207d490e49cdaa8118f83f176cec412ecedebd29362db433a818f66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2434.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2434.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
495KB

MD5
814eb965abf06230391a3bc8d0db9908

SHA1
d8984e954189aec011636bb4ec454e5131c11b1c

SHA256
7ec3aae4cd0318de5980398718ee49dde9faee2445d547ec48d46b1c7771ddda

SHA512
dad07422ccc52078443c47faebe5cddc566ae561ce398e297a1e06e238adaa2d61a446c85d5fc2cf44770c460037ace2d6b1cf6cb7ca407cd04c32c462c66378

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
547KB

MD5
85c49bf16e173431037b3d757f1ebcd3

SHA1
a7ee245096e391f6e940403d5752f25e63a6566f

SHA256
69d26bbe56b0c5c91bd621c7e1bb35b78814a1801b041f4a796b5b8b7ad656bb

SHA512
de1232cf1030b05f28c48038b3925b3e2b579581d811efb21c7684b490d9b2f862655be061d4961a31b00a3030dc58a0cca29075b6858bdbc3447bcc9f4c505d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
670KB

MD5
d2791923aab5a713b0e730d63a453412

SHA1
25e7d5f919b8d5a69af1c91347314c7b92056ec0

SHA256
525a4ba70ff8bd86630c260a624786e9b2cebaa389a433b24de44f748dc9ac0b

SHA512
c9d10ed9165b1a741b7191db669520c8af8f18035a6d3e7db78d04ba648c9cb8b064d977e97948a9208fd2b1268648e2a154552d14da224a5cdf096ab7fa2af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
210KB

MD5
890d6bff84c127e30d0e293d4ca94399

SHA1
8271bd5aedfd51b4f4c6acdc1915cc68f01469f5

SHA256
65c2ae044886ebfe3429916e995d8c99a41a13418c7f401fe725398a65fa9765

SHA512
8fb6ffbba294c03582f75d9d60e48aa7b9b3bdb8c29e28d4a3731de81310a3b899e15c8622eaf7c1932ec08eee322861872133ac5e1376a87043e3ed0a2d3a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e906cda4dbd025aca71ba7b8c94589ba

SHA1
e36e6f52847930ffeec9402f9aed9f1d303f88a0

SHA256
8e0fd6a7d421007c7a57db9fc31d336ca99bc0b46f8020c88e827904a315867f

SHA512
48136cf7b5298ce7793a7cb590b859ee6567fa57a904370168cf093344701c1d2cf7bb956dcb3d7408b691988e051effb45412b653d9dcd1ed5d771fbae9a55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0f22e5ef62a33f69495329d6b0f2ec55

SHA1
10767a4e4f0578f19638f7226cdcc5a3f8625479

SHA256
00f878244a4d9e07634bea2f26d28a19565ca75d55f0ba351b6d0d2d87e4406c

SHA512
a23e4758f3fce182930a911c90a32e17a0e86190a4f5656381b0571ccb55e116c86b66499dce83deceb025a438eb1af2beb9f0ad80d59d222b621f0c4afd5ba6

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
486KB

MD5
4215eb14d7595a0f39b3125209f0360c

SHA1
a2c8e938ccbd4f01e105c58ece728781b2054372

SHA256
b12aba7a8f0d6dc61358e7ac02132d3d1e06e9669005c9515e1d8f79b4328ed9

SHA512
9565f6aceee7cdc9503d6db3e8fa5dda7052f838bcc6353529578857ee40b2e562e09bf5d5af9ccd4bfee476bbf3edc1dfb8323cde114d5e99817efdef19cd1b

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
483KB

MD5
4b5a1d2925c8e0b7ab9a623dc99fc0ad

SHA1
9bc156560c6caf2e27b10388539c1efd6389ba3c

SHA256
2010776906b1a1fc9a76fd5d8e686c19c6838584d59cacddad30a26df1abe466

SHA512
c14bc8d9138103721b38d99b3b3b53a07f023c939ea5c0cc0d4923d81741ef55fc936f71b738729320ee3a85d5dfdefeb7e3d4f59d40b8ec40b812ac0adcc99a

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
424KB

MD5
5e34c56f9481c559c67d98db97730d0e

SHA1
7d26e67f0f0be2e978cb735b29d00e9251e9c5ad

SHA256
bd89d114751dddd5b92d14521d8f9d3a7766d75acb60830e115b1e60ab74fe3f

SHA512
37ad8d4c9ecaa414e5d69800c3191ebf6d08eea1fc31be3671adade196ecbe3acee8f306711539bd657ec831de26490e10dc0cbd27d51a1efe9de64913324514

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
247KB

MD5
3183688bbf2ab1fa84e6af39328a7705

SHA1
6548cb7925f8ba184e83ae9db940cca2a020e3e9

SHA256
cbcf545723d4a975bbf056747a738b6f9edc084cd41190f8f1f6b4d97e38b3ce

SHA512
7e65e1c05a0f2d6285605151a30f72aa0aa83580814b45d555f8553a11d5e99b3c60725d0e45331b3236292d9a5a3333e3714ba67c61214b3e13f07ca6ad411e

Download Submit
memory/2124-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2124-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2708-97-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2708-94-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2920-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2920-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads