3d0932e4807b81218e291e619ac0f971a2b2116ccb31655dff4cf2428cced9ac

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 22:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

54d0ed7e99d84ccb63e403667461a107.exe
Size

209KB
MD5

54d0ed7e99d84ccb63e403667461a107
SHA1

dd0d482a0e7688a7a6cb9ae334f72db37ca5b807
SHA256

3d0932e4807b81218e291e619ac0f971a2b2116ccb31655dff4cf2428cced9ac
SHA512

d7780f3b77cf71f9b298ec573bbb2920ec84431b765d84fdeccce44e7287af02b01ae16ff0a055cd3a1b7dc1dced29326d99f8bd7f2b3f7007808d492058f9be
SSDEEP

6144:qli5VpBKEb4dAfQl9OBvsGee2h6P5+aUO5+lP:NME0J9OBvsMUOCP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2416	u.dll
2624	mpress.exe
624	u.dll
2200	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2408	cmd.exe
2408	cmd.exe
2416	u.dll
2416	u.dll
2408	cmd.exe
2408	cmd.exe
624	u.dll
624	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2408	1300	54d0ed7e99d84ccb63e403667461a107.exe	29
PID 1300 wrote to memory of 2408	1300	54d0ed7e99d84ccb63e403667461a107.exe	29
PID 1300 wrote to memory of 2408	1300	54d0ed7e99d84ccb63e403667461a107.exe	29
PID 1300 wrote to memory of 2408	1300	54d0ed7e99d84ccb63e403667461a107.exe	29
PID 2408 wrote to memory of 2416	2408	cmd.exe	30
PID 2408 wrote to memory of 2416	2408	cmd.exe	30
PID 2408 wrote to memory of 2416	2408	cmd.exe	30
PID 2408 wrote to memory of 2416	2408	cmd.exe	30
PID 2416 wrote to memory of 2624	2416	u.dll	34
PID 2416 wrote to memory of 2624	2416	u.dll	34
PID 2416 wrote to memory of 2624	2416	u.dll	34
PID 2416 wrote to memory of 2624	2416	u.dll	34
PID 2408 wrote to memory of 624	2408	cmd.exe	31
PID 2408 wrote to memory of 624	2408	cmd.exe	31
PID 2408 wrote to memory of 624	2408	cmd.exe	31
PID 2408 wrote to memory of 624	2408	cmd.exe	31
PID 624 wrote to memory of 2200	624	u.dll	33
PID 624 wrote to memory of 2200	624	u.dll	33
PID 624 wrote to memory of 2200	624	u.dll	33
PID 624 wrote to memory of 2200	624	u.dll	33
PID 2408 wrote to memory of 2012	2408	cmd.exe	32
PID 2408 wrote to memory of 2012	2408	cmd.exe	32
PID 2408 wrote to memory of 2012	2408	cmd.exe	32
PID 2408 wrote to memory of 2012	2408	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\54d0ed7e99d84ccb63e403667461a107.exe
"C:\Users\Admin\AppData\Local\Temp\54d0ed7e99d84ccb63e403667461a107.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\EB0.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 54d0ed7e99d84ccb63e403667461a107.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\F2D.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\F2D.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeF2E.tmp"
      4⤵
      Executes dropped EXE
      PID:2624
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\FF8.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\FF8.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeFF9.tmp"
      4⤵
      Executes dropped EXE
      PID:2200
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EB0.tmp\vir.bat

Filesize
2KB

MD5
3555f3c0cce0158cde70ea4e2bf7bdfa

SHA1
2c26513fa8829da875dceaa5a38b601bb112bec6

SHA256
9866699d851530f567a41ddbdd404c948e69ab803f33d856cdc0426232107058

SHA512
1c7ebf2aba7f761cc85fd3f6fe83631ff69f873ebeb855fb3849511f2af9e19e7f268a622a7e832b973869167a65377b51c434febb0e8f6b6f8972cec0dd3671

Download Submit
C:\Users\Admin\AppData\Local\Temp\F2D.tmp\mpress.exe

Filesize
55KB

MD5
2a9901a52755cc5c769318680ec52434

SHA1
6c8675f632297b710b0f10652e54c0f1b07d8382

SHA256
8a87414916b45c07081bac8ace6aa1f1333e4c2e19095fa46cd4a7aba0dd8956

SHA512
db636a0ae1ff8f25699e2597d98722a233d707cdec0a60c20720fe699ab11dde6f53eddb99093245784266faa611964a4ed3e6a66a6df2368dfce4458502cc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\F2D.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeF2E.tmp

Filesize
41KB

MD5
f6e37b5b08d4514d8347cb5ed4e670f2

SHA1
0c42b901ed5f2e9e76822ccdab3299b714a89cf0

SHA256
41ac25ee169e9baeccb3d8ccaa3be68b912286125520e56d0ed9854608966a02

SHA512
03cb6ed9236b0e5b679ba92f4e5ca07a1874717af3dcb7f24237c7431bdacfebcfecd46df500083f40f626f5ddef4b18c12feb5338924522dfd9f32751b6f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeF2E.tmp

Filesize
24KB

MD5
2ee399a17c0ea32edccfc8f85c5656dd

SHA1
5b8d2aa9fc07724ec5dc516f6bb394b8413562f9

SHA256
a28469395940fbbd313b48ab4f6bac264019b957fa4410b0ec02188e7e1991e8

SHA512
bafc48a3cc6140f3c67b43392506b4ff64d8ed90e4946975648bd43a11906aa133654c930f76c10065ee48b4405e76262b3861eea93f81aac42246f7ff4d377d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeFF9.tmp

Filesize
41KB

MD5
44493eae9f204d6fe939904248ac4b28

SHA1
6c610ef09dd364eb4c9e39991618e12de0952ec7

SHA256
73e81e651d08e65cedff41671dc4628da73d3a0a0e9a4b511ff56090f15bd3e9

SHA512
973014df9f093d47f82d3d0a5fe40a1a2e0adb476d3afda0858e06be818aaaef0800183d8d63677817e17d8189c546af5087b247f3f18cb2ee068f519e9e37e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeFF9.tmp

Filesize
24KB

MD5
8ffcc4b37f716f45760b7b9bb0642fcb

SHA1
b66786e4ba7d4a302f9419da28808936bb094a41

SHA256
09b167feac3844527e88d7533a888a90556e0fc06b8d40526e89b6edb44e79c8

SHA512
a816c45f9e2245c468e85e53ed6ea086864ee95d5898e053ec666c36ae9bd13f9930db80437c645d03c519457ff288a5f3eb1d2ecef53becb1b8b1eb1015b08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
82KB

MD5
6a534320c36eea535a0bd30a6f7ac340

SHA1
a2f01aff5eba67801c402aadf29f38d6d94847fb

SHA256
5660efe9ab48227471ae78b510f328a6b5e3f4070cae6130c84fec5c383a2aa7

SHA512
46b6af206ac553165eb6c431f101a6e9fd5148a5f9c84e19502813860cec4246904520be186b01ddd29023c1a95d79d89a652a79a613cc83def24dd454080f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
635KB

MD5
97fba3feb3f26458df2f5f948758fbfd

SHA1
271d1ad2fe10ccf1a3cee718cfb4aab047d69ea7

SHA256
9660a28b64fba50d6d338afd361f21a2e22822bb4c4f144ef7f92867a0caf58b

SHA512
7e59bbdcefa497d04b3565b676cb435d10a475d25f54e2dd1094f86d2ac78ffbc65ee70c9774b5336566ed853ba1cb11a06cca40083e1daa569cd78c834880bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
104KB

MD5
223cf6779a673f41349041f55a67d8f1

SHA1
63433d274beeb4c8767a1851c9395c4389601c4c

SHA256
d3b36ddab7c04bbe084bea2d33a84bbcc2bafd02f919252165128a8b363eedc5

SHA512
6a44c312ec7923f23177c38a9392a77d57eb7168e2e2808eb3f9af591a3839637ff689901c1d0de97f4196275af5dfac59c88fe62a7c8f38d6a60eed59841a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
73KB

MD5
22bfcaccbe4c1b1ba1ed3a61d996b548

SHA1
2f2ca6b6f7bd7ddbf1e90fd3644fcaccf96ebb5e

SHA256
16791645c1b62dccaeefefbe63a9857eb32308d220b95419ef350ce8af56182c

SHA512
6e12c023ae0f4f40fb7bd83eb056040bf39fce193a93708ebba8eb7aaecdeb5a6489640ebd9798c9795d89854f25f56e84d447d43b8637459afdb2a9dd24e85c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
7614167f4151a78f1e1d004a26297ee6

SHA1
acfb32eac82a44a233f313c6e311019afd4cdcd4

SHA256
5a7c357e125bd5b581f5b06acb42cb626a71e21390043c5f220a900790fa5508

SHA512
a2687b096678b2f9061a9ee6d5d3ff981ab6c666d0a2c616c203add9cd8f25e328b9429adf39ece19136d048917b668da3a3ad82fc1d3a8cee460a46f4890ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
05619fe414f091d756aaaab5aaf13db5

SHA1
b830b2571833bbd3625640f9e7cc8eaffc02e809

SHA256
1e4e663ecbc8b82337b703467670d3d68c6913a2b386262a6c1897b74acfd37c

SHA512
684aa111cde245cfed545cfcc544b7cf501ee5e6687eafa8f2e6d62a763642e0d0176dfae55bdcf1dcac8dbc32414468659fc4edaecfd1ae5e34d32ded26b565

Download Submit
\Users\Admin\AppData\Local\Temp\F2D.tmp\mpress.exe

Filesize
83KB

MD5
d4e8b872b7693bdacdf7f4f2ab49ae20

SHA1
9c39ca2f6c3e2a17ee53bfe5777ac0c8cd26abf7

SHA256
5f6a39668478c8cc06c803b637c566f442d0fbac7109201cdad25415437d38d2

SHA512
dffb6d03ae4fd6ef2a2f5572dfeb94217837e11d9fad80fd2efca89152c40b521559c75423047ec6f3656938349fd08f239e650120d12bd9859f0887053c0ba4

Download Submit
\Users\Admin\AppData\Local\Temp\FF8.tmp\mpress.exe

Filesize
98KB

MD5
7c5b82c11f9925b3a2e3393a7f602a8a

SHA1
f6efdbc024c8f6507ae862b694c341d2a908520e

SHA256
9febe09886ce7c83f1c276325f5c930f2eade32d3e8d76ab89f6de172a8ff0ff

SHA512
b2816066e69f929ad380245ce165b99a6a61c1856c426d74b89aab4b94ebbd65d883c1ca4fcf53383e6b891d7cc6248f2ecd3220f5a39faa56b8ffd45c9d52d4

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
580KB

MD5
39c5b6622d2502843e03aef774015f0b

SHA1
68ccbaa7799ca74ee4c6823f203ebd26d8a2c5e6

SHA256
7e33c20b0fc779ac54f4747b645ecc882b07294f015b951f8d9e21edbf72eeef

SHA512
593b27a7694c716488526dbcac0a8d3b177c2f78ad61a9dad56de3a939dc6ae865a322b61374d177400de64faf7a3ca70a617fdd27e33bead9e2d1a3c6568756

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
89KB

MD5
c1a2307f23ead580662079591e1655ee

SHA1
4ed748c4b0b0961f9448c0bc008218bbe8121545

SHA256
188bf7909088cf21934e95a511bce16ea6645ccf87e6b527656d59f3f51553f6

SHA512
d1d49efdd2dfb834d4dae579623bcbe397bd41e9752c30ee5e5203675ffa190d9dd1d8dec16de0e22124d733e98f22f5b6756c41bbb07ca65714a46213bd1d83

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
125KB

MD5
5a3e9ecd3a0de6240ba4161cc16a71dc

SHA1
8cf7634290a6d3259bc74d7f632e316ea45b9e16

SHA256
0c3c97a24473f4fc55f48076cbbec744d092efb2e29fe217cb9243ef90582db7

SHA512
eae2418525e8f592bf5959f84c8c4e2866c7b86e94b48659f216339e31754599ca88295eabef3858e4ebca655fe3fd445bc39771f39f69e3059017f96dee34f4

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
88KB

MD5
79382c41a8bd603a3c919acca31098f6

SHA1
fd88ab3a92b395e5f8ab13f1d2e337a687fc7919

SHA256
3989033c82c6e3500e981b1ff02bcc6ad9bba83526a27e4c8599697de4a3a532

SHA512
9ca63e0d18793cd1f598668f03fb7b4cda33a6408c50145d5a58daaab79dc3c50b982d8086016e167ee730634e31a869c2cf9b5722e91dcb031af51e85a38bd0

Download Submit
memory/624-138-0x0000000002320000-0x0000000002354000-memory.dmp

Filesize
208KB

Download
memory/1300-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1300-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2200-139-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2200-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2416-69-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2416-68-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2624-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2624-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads