63b228e508e96aafc50f6c9f13be2227c7f37c9a5dcf2a464166085ba99e39bf

Analysis

max time kernel
145s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5210cbdff92a15cff75155ef9eda8c45.exe
Size

208KB
MD5

5210cbdff92a15cff75155ef9eda8c45
SHA1

42afb6002f6c13396fb3a266000d84c1516f301f
SHA256

63b228e508e96aafc50f6c9f13be2227c7f37c9a5dcf2a464166085ba99e39bf
SHA512

2743dc2a941f67345f676b44caf018b4f046f8bfdf6f218baec6f9e8bf3f18308f3b206b80d12ce2e3305b192864db3571b3d1f55e59764146da41304760796a
SSDEEP

6144:al4mjZF//qPq55PdklkF+U3NCQLUv8ZalgjuDO7KBt:Kr//qPKkU3CiUEIrD88

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2780	u.dll
2908	u.dll
772	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2708	cmd.exe
2708	cmd.exe
2708	cmd.exe
2708	cmd.exe
2908	u.dll
2908	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2708	3056	5210cbdff92a15cff75155ef9eda8c45.exe	29
PID 3056 wrote to memory of 2708	3056	5210cbdff92a15cff75155ef9eda8c45.exe	29
PID 3056 wrote to memory of 2708	3056	5210cbdff92a15cff75155ef9eda8c45.exe	29
PID 3056 wrote to memory of 2708	3056	5210cbdff92a15cff75155ef9eda8c45.exe	29
PID 2708 wrote to memory of 2780	2708	cmd.exe	30
PID 2708 wrote to memory of 2780	2708	cmd.exe	30
PID 2708 wrote to memory of 2780	2708	cmd.exe	30
PID 2708 wrote to memory of 2780	2708	cmd.exe	30
PID 2708 wrote to memory of 2908	2708	cmd.exe	31
PID 2708 wrote to memory of 2908	2708	cmd.exe	31
PID 2708 wrote to memory of 2908	2708	cmd.exe	31
PID 2708 wrote to memory of 2908	2708	cmd.exe	31
PID 2908 wrote to memory of 772	2908	u.dll	32
PID 2908 wrote to memory of 772	2908	u.dll	32
PID 2908 wrote to memory of 772	2908	u.dll	32
PID 2908 wrote to memory of 772	2908	u.dll	32
PID 2708 wrote to memory of 2888	2708	cmd.exe	33
PID 2708 wrote to memory of 2888	2708	cmd.exe	33
PID 2708 wrote to memory of 2888	2708	cmd.exe	33
PID 2708 wrote to memory of 2888	2708	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\5210cbdff92a15cff75155ef9eda8c45.exe
"C:\Users\Admin\AppData\Local\Temp\5210cbdff92a15cff75155ef9eda8c45.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\697D.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 5210cbdff92a15cff75155ef9eda8c45.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\7C13.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7C13.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe7C14.tmp"
      4⤵
      Executes dropped EXE
      PID:772
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\697D.tmp\vir.bat

Filesize
1KB

MD5
ced0af12a5ad2462ff4d4b613fc2b47f

SHA1
e8b54118fa86bd46a64c1be103387ed8c4ebdc89

SHA256
289e1378f365ec6fa819246f044ff1120a2194b335d32ee42e97fc04a8cc35d9

SHA512
1e7502ff36c93a07bfc7bddb8bc206f5741bd5f9094e540aecad67a97e035cd2f24cc010e883cdc26b23d6a5f48b76cf5b7a968c492edd5237f071152b79cf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7C14.tmp

Filesize
24KB

MD5
8dd52bfe2f56ec20402bef5dafe49e83

SHA1
c29e3c436ab92db5326b5d31455202accf8cc98f

SHA256
e35ee21199e637983ccc35c7b648e694f6e5d6993ec12fe99db553270331a880

SHA512
ede99c417e95ef2fd36e8532d7e90cc4ba81800a8d826a0a17ee87e48152013e1cda09bdc1b74f567ee393248a283a443297c9e249ccd544cfb6fcd1ee2b8871

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7C14.tmp

Filesize
41KB

MD5
9cdcf02f847ddde1f3b62c676c5cc737

SHA1
1e28bc7716cb6adb55b1b397dbabbe31adba3cf2

SHA256
d7726cc05bcd788912a23fc85f233775da28cb0d4d2920c2be66e5cc69e2b7ae

SHA512
438303dceafa36ac40271d6b7759248357109cc479a53dd4eb472ab35d51f333f629be2da54fc113bcdcf2bb4bdf4201b5075351842d20d7e818c80a31b88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
375KB

MD5
e958e088951f03288c94772b819b6de6

SHA1
b6d7d3ac7a11ad309ffb9f433169d9468a9c9440

SHA256
cb35a930778a0b76b3271fbdc352d64fdee67b44969d2e0ac4b3d20cef924ff9

SHA512
bcce4f2de1f7ced00d5605afff37689a8a412eb1e85e8190c804401bd7364ea8c48b34b0c292c06efdf18f6bd7b1e838f4551b9ecaaf361a6cc0d4ea0fe412b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
290KB

MD5
6cd674ad2db6bebc9048bfed243083fd

SHA1
e82d41eaf4d40c626a455813c5be49203e3673c2

SHA256
86cd8175ef55c908352e3025de4a5c591d9a11a61897a3c5ef65e6a8a472322b

SHA512
c5296c8102ede38a08a0a35d9af3d2a38bd2c15c8cd914b837b7a754b1daa60f2334c59040f4b6122c1849f31cc14396212867e8b295d5ee123e41dea9e23645

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
218KB

MD5
cf12d20d4caa4162ae77101eaa8c2413

SHA1
987fd568cdff8858fde880aaee92488691853ddb

SHA256
5cab774d9c89af5b06e61711549430b3e7cecb5b096a204a607b710619857558

SHA512
dc8f68a51879ad8eda402c46af8a601c986f9d52f0fe3cd4e65d1366eda05ef689d20f17d0efe42766cfa1eec70bcb0a0979b297793799c3b7a1034c6fbb5b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
ac3e2f16df5b8e004bc7528957957c95

SHA1
318dfb96abdc8e9d3778788dfdbb1f3dba885fba

SHA256
c53ac431faed8f5ab7c67b254f913efe0dceaafdbf26b02b930d07f45d840fe2

SHA512
4c60d3b255c38807a104e4362493dbf651fb8893633e94ee9a4c69770773f8d7bf95d310051154b9bd74d6eb1993626a5eb107e74e891d681f0398c64a7ebaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
9e3095fd59e4045a29557c38aae2a3c5

SHA1
76d1df3a9aef1190b3bdcac4115ff547399c15fa

SHA256
59c21579af616e9a662992df94d63a68f07989e8854d3fc761b372931fa02dec

SHA512
d48b99ecfb7e64699cd10b575f86302119fd085208dabf67f2f3e2a4d59f4bed133096db4347360a7470c2eb90ea4f33f98f8a1293960e79e18f999bfd9d75fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
6a0565f467b8f23b0f2c5076f3915f42

SHA1
7b3e0800130f327d5cc5d07721ab3831b0f7b2be

SHA256
b1b295f2c2161d513c415dc2f2f9183050e53bfbdc574584bf77548fbfdcb65b

SHA512
318a0606a55fe83ddbe2554a41f44d021802659ecc03309f36a08fd2442702860e6fd0eef2f1009b3928a30b823cea2a3e9744c3b25ccdc7438874f997534fbc

Download Submit
\Users\Admin\AppData\Local\Temp\7C13.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
257KB

MD5
424c0712f0c2a9bef27b50aa1066c730

SHA1
19256c192fed46596c3ecf8976f0da6751c2eed4

SHA256
818ba15815fa807acfddd52babe2e519d324b2e711fbd038cf3225522a25db53

SHA512
dfe535c2b4729b2da356bb9c8f7ecf0e9a4afe85e996b1db64e6ef61ab79dd22d1548fecedc2fb6ef89349c343c6e147bf5db280ad7e1717742a2bc91a2a0943

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
91KB

MD5
57fec4634339cd4221930b5b9159cb4a

SHA1
227ad24aa03d07b0fb988d3004acad592b3f5120

SHA256
fd4adfe9fa7913868efa1bef8c42396c09f005d01e68e9025321a9937f60fe44

SHA512
505b70056c58e0712a714e3dc7d86163cd8d6cf42e9c17a0c1555ad4d0c7508c5ea1393f57e7bfcf85e86a183c3d45601b65c5e087c637be9038dfc2ad04a3ae

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
591KB

MD5
1ae5cf36d2e3e4f6cbb2b7af9e4dd85d

SHA1
b8ee3b7fcda74f8b6c8128a6753f267d5b3f7964

SHA256
b2ab90a13a53da62d8434f11b18891364abba722043813196c095bf4b892f596

SHA512
9a6d0c33436b36b620bdcc15acd844f569b11c09d4adc9777c9017d175fdada6a66ef6618a54354c6d7c75225457c009089e1199c2e1d79c49d2042e0e92deae

Download Submit
memory/772-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/772-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2908-90-0x00000000005B0000-0x00000000005E4000-memory.dmp

Filesize
208KB

Download
memory/2908-98-0x00000000005B0000-0x00000000005E4000-memory.dmp

Filesize
208KB

Download
memory/3056-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3056-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads