eb4487d3d3acea2a89c844ce494e0d545c3eceb69a95a57517dfe6e582aab439

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cda9f81511494941e6e3d44b4fe82bc.exe
Size

208KB
MD5

4cda9f81511494941e6e3d44b4fe82bc
SHA1

6cc6c64be2ca0e25b171fd932b08c1b3702191b2
SHA256

eb4487d3d3acea2a89c844ce494e0d545c3eceb69a95a57517dfe6e582aab439
SHA512

843ae7831001a40093e5d1bc9375df42780e90947eae65c05931a20ddc524aebd45a337efecb25a7ec5643601887fd916d5757b5a2a7be2525d32c2054fdac74
SSDEEP

6144:zl4mjZF//HvbDWqRwQhkPURTZ97FU0hLj:nr//zp2URTvxUg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2320	u.dll
2848	u.dll
2992	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2840	cmd.exe
2840	cmd.exe
2840	cmd.exe
2840	cmd.exe
2848	u.dll
2848	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2840	2236	4cda9f81511494941e6e3d44b4fe82bc.exe	29
PID 2236 wrote to memory of 2840	2236	4cda9f81511494941e6e3d44b4fe82bc.exe	29
PID 2236 wrote to memory of 2840	2236	4cda9f81511494941e6e3d44b4fe82bc.exe	29
PID 2236 wrote to memory of 2840	2236	4cda9f81511494941e6e3d44b4fe82bc.exe	29
PID 2840 wrote to memory of 2320	2840	cmd.exe	30
PID 2840 wrote to memory of 2320	2840	cmd.exe	30
PID 2840 wrote to memory of 2320	2840	cmd.exe	30
PID 2840 wrote to memory of 2320	2840	cmd.exe	30
PID 2840 wrote to memory of 2848	2840	cmd.exe	31
PID 2840 wrote to memory of 2848	2840	cmd.exe	31
PID 2840 wrote to memory of 2848	2840	cmd.exe	31
PID 2840 wrote to memory of 2848	2840	cmd.exe	31
PID 2848 wrote to memory of 2992	2848	u.dll	32
PID 2848 wrote to memory of 2992	2848	u.dll	32
PID 2848 wrote to memory of 2992	2848	u.dll	32
PID 2848 wrote to memory of 2992	2848	u.dll	32
PID 2840 wrote to memory of 1332	2840	cmd.exe	33
PID 2840 wrote to memory of 1332	2840	cmd.exe	33
PID 2840 wrote to memory of 1332	2840	cmd.exe	33
PID 2840 wrote to memory of 1332	2840	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\4cda9f81511494941e6e3d44b4fe82bc.exe
"C:\Users\Admin\AppData\Local\Temp\4cda9f81511494941e6e3d44b4fe82bc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\819E.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 4cda9f81511494941e6e3d44b4fe82bc.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\9C7E.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\9C7E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9C7F.tmp"
      4⤵
      Executes dropped EXE
      PID:2992
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\819E.tmp\vir.bat

Filesize
1KB

MD5
097a40b8d56fa2fb3142a620d468ffb3

SHA1
56ede7655d773021fe6546459494757d80d7b893

SHA256
be97dcd69fb4bb8521fa52ba880ff7652a87a6425183aa4c47dc207362b4f2df

SHA512
b316e9692dd8b1f2c40ca18fee1815548356299da226666fb5943a88b9dfb1ad51bef067bdbf475f733370e2359ef15f4b134c1d9feae2c8067017b67ee13726

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9C7F.tmp

Filesize
41KB

MD5
2f87d51a25727565f97919c6e256755e

SHA1
7c52eede6d9acc8aa9ffe9a2a6d0b5826236bd87

SHA256
e55f04bee4d38617f02100199e9e1d3a59fc056fec42f176f0bdd57b30ef0da8

SHA512
4bfef26ba56ce3dde64447c59f880c590bc42c351d2bfabd0ab55a26ac4e022c1a309bb0d46206a569f35484e5f126a212f6f0379a2b57588413dfdfd76010da

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9C7F.tmp

Filesize
41KB

MD5
9cdcf02f847ddde1f3b62c676c5cc737

SHA1
1e28bc7716cb6adb55b1b397dbabbe31adba3cf2

SHA256
d7726cc05bcd788912a23fc85f233775da28cb0d4d2920c2be66e5cc69e2b7ae

SHA512
438303dceafa36ac40271d6b7759248357109cc479a53dd4eb472ab35d51f333f629be2da54fc113bcdcf2bb4bdf4201b5075351842d20d7e818c80a31b88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9C7F.tmp

Filesize
25KB

MD5
a56e137ce7967c2e7d65955b736a250c

SHA1
21404998c9aae560c902d00daeafbed0980c555b

SHA256
3487d6934e2f9afbfd8e2cf41109c867a0dcd2fec9d2928c05121020fb17a951

SHA512
0e6267cf093125053e760082ad15b7fb76c3141dd2b1049665161aaa4861ae2aaed89fad050c1adcb35d2b38cb2fa2c3390296f191b703cea2e02dd4d95c7471

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9C7F.tmp

Filesize
42KB

MD5
c11afdf9bb0a70d267a1ae6d24c4957c

SHA1
fa9c2f3aa343b419c1345325294991fc7900cb5e

SHA256
b8b09fae7a1a743c0e9d0f027735e73bc44c02ceef886b2249ab3f85072870ac

SHA512
3f67f399961c4152b4bd40843b60e2718ce958ced2aaaad7fe226444dcb7818d21e83b4bdad43f7b0d3605d3fb538a3871d668aa682932d3582177e88b1b3030

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
ac3e2f16df5b8e004bc7528957957c95

SHA1
318dfb96abdc8e9d3778788dfdbb1f3dba885fba

SHA256
c53ac431faed8f5ab7c67b254f913efe0dceaafdbf26b02b930d07f45d840fe2

SHA512
4c60d3b255c38807a104e4362493dbf651fb8893633e94ee9a4c69770773f8d7bf95d310051154b9bd74d6eb1993626a5eb107e74e891d681f0398c64a7ebaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2378525b1fd9f863b3bf754e46afefee

SHA1
827f9c6357d33f2f9a7cd3f53ff6d842bdef1837

SHA256
9545203f1d31d5986c41c2e8727006233d56abc61a83ac261af6dd2ca64dfb69

SHA512
af0f8339d2dee1ca862d2e97162bc6ccf978b21380be1aef1e67a0a9a410e86c2dd094f0e1a8240ca6849a03a9192cd8de8783159cf68c2bb4d8ebd8a996391c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
07304500bd489a6a8c32430b4cf0f9e1

SHA1
3da9b41612b7b74e7ea65e11d2f9a01a51c0961d

SHA256
1295589d64269bda763f9a8a8247cdf3a343b99ac80e322adf2c3ab6f829ed12

SHA512
89e4ff6904b04ee444dfdf483e887551b8c626e500ac2ab4c59c8ce460e6a88be4c00c71624111f26695291e955a79a8cc198addc3a0512bac1be01359a4208e

Download Submit
\Users\Admin\AppData\Local\Temp\9C7E.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2236-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2236-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2848-87-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download
memory/2992-94-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2992-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads