a520c5d81ccf5fb7701c0540f4fac5046e9e8b2ea94f2fd808baa16b50f8d9e8

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ed3921e940ee7d187b6ff39e253853d.exe
Size

209KB
MD5

4ed3921e940ee7d187b6ff39e253853d
SHA1

ae3a3acb97f42f52e50cdd93a7643be732f286ca
SHA256

a520c5d81ccf5fb7701c0540f4fac5046e9e8b2ea94f2fd808baa16b50f8d9e8
SHA512

c19835ab6cfdf46e3a336ab2698c37703cdf65bbadffc8b42454c47c84dd076cab0025db47a92c0fb5bf74c5559058736c27f87802e386d816aa312c4baab0c8
SSDEEP

3072:TlUz9nfwWiUVPtaebCOWiDyz0+amogwQQqA9k/0wMFZ9UMmICmvCZYO:TlUzEUNttCX2mDwQQp9k/0LMaCZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2744	u.dll
2616	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2792	cmd.exe
2792	cmd.exe
2792	cmd.exe
2792	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2792	2772	4ed3921e940ee7d187b6ff39e253853d.exe	29
PID 2772 wrote to memory of 2792	2772	4ed3921e940ee7d187b6ff39e253853d.exe	29
PID 2772 wrote to memory of 2792	2772	4ed3921e940ee7d187b6ff39e253853d.exe	29
PID 2772 wrote to memory of 2792	2772	4ed3921e940ee7d187b6ff39e253853d.exe	29
PID 2792 wrote to memory of 2744	2792	cmd.exe	30
PID 2792 wrote to memory of 2744	2792	cmd.exe	30
PID 2792 wrote to memory of 2744	2792	cmd.exe	30
PID 2792 wrote to memory of 2744	2792	cmd.exe	30
PID 2792 wrote to memory of 2616	2792	cmd.exe	31
PID 2792 wrote to memory of 2616	2792	cmd.exe	31
PID 2792 wrote to memory of 2616	2792	cmd.exe	31
PID 2792 wrote to memory of 2616	2792	cmd.exe	31
PID 2792 wrote to memory of 1760	2792	cmd.exe	32
PID 2792 wrote to memory of 1760	2792	cmd.exe	32
PID 2792 wrote to memory of 1760	2792	cmd.exe	32
PID 2792 wrote to memory of 1760	2792	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\4ed3921e940ee7d187b6ff39e253853d.exe
"C:\Users\Admin\AppData\Local\Temp\4ed3921e940ee7d187b6ff39e253853d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7687.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 4ed3921e940ee7d187b6ff39e253853d.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2616
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7687.tmp\vir.bat

Filesize
2KB

MD5
a82b16df789a5f6c704ed18b8edaf84a

SHA1
5558013a3b0f5640e00cc868e3f17855e2efd689

SHA256
13d9edea0b722d4941647aa8153ce877a94b8fa4c641887e7309801097df77af

SHA512
60074e236d290ee26dcb727a73bb003a2b1b3a4cff15346b2768d39cb9d689b0b6cc874f7de37a58624025ec6df0872d4b066e1bde48afe509b1d6cb583fbfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
11585f18c9216b57877b16053bfd5b47

SHA1
aa3d4a53611dc2e8645a1473556e477ef4882dc4

SHA256
dc21e0697b91315cbd903f8e3bd5fdd2085815da56fe5ca696d3b17dd09ae9cc

SHA512
84218aa1df912e039948bbf6e9cc0f129bcc12f84d37a192a5d8e970d22ebb16bebc12cd8c7953a0488e32771503be74e0c40d0312972046723d647f8dd5741d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
a1f46e66be423a36931c4328b7782a02

SHA1
30c69289c87b2cfdb8868a360ec26dad810403dc

SHA256
3934dcdb7ad5eb1d0252590c9a322f631cc2f5ccf94c2ee57db61aa638673901

SHA512
4b6734b3393ac368430a705381944ddcb4fde301b0068af8b29d52ad4b7997e72ac868605c8ba073ecdd9cba44d37d56a91953a09324a6eba7c5c54e3f81e19c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
4fde2ecb40e3e918aea358e8cfe42492

SHA1
849016d4bf3be014ba889b11b974eb205762d97c

SHA256
f498c6a5d6f8d8153840263e4f4d559a94b0c967ee889681305cdc6c573c188b

SHA512
d219ee1e36f0b10190169cb3008874a2b58abdce498fbd10aa72caf8c3d732842336327c7ca7202ca8d2ada8821349ac0b9f6be92bac871e8690c51b10a1601f

Download Submit
memory/2772-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2772-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads