669f7c72be53e1342d57f485a5daff14d15c7df0c28e7044c0737ff0109c3433

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

523693587f150a3bf8adff0a45e560eb.exe
Size

209KB
MD5

523693587f150a3bf8adff0a45e560eb
SHA1

837325ac5bab1913b3399a884324ef7eff6e66d0
SHA256

669f7c72be53e1342d57f485a5daff14d15c7df0c28e7044c0737ff0109c3433
SHA512

4bc9b6d9af7d3ad941a86a66ebd7930a58676e046064220c6b846fa6917c0b0dcf79e36d4bea9cb2468fa8191e86d2c2f59445275b9aa43cbad574990c03fdbf
SSDEEP

6144:olkXof2YTINt1hpXd2PbRcsdZXKJEqq4K:bXACppAZXAK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2432	u.dll
2580	mpress.exe
2436	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2852	cmd.exe
2852	cmd.exe
2432	u.dll
2432	u.dll
2852	cmd.exe
2852	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2852	2416	523693587f150a3bf8adff0a45e560eb.exe	29
PID 2416 wrote to memory of 2852	2416	523693587f150a3bf8adff0a45e560eb.exe	29
PID 2416 wrote to memory of 2852	2416	523693587f150a3bf8adff0a45e560eb.exe	29
PID 2416 wrote to memory of 2852	2416	523693587f150a3bf8adff0a45e560eb.exe	29
PID 2852 wrote to memory of 2432	2852	cmd.exe	30
PID 2852 wrote to memory of 2432	2852	cmd.exe	30
PID 2852 wrote to memory of 2432	2852	cmd.exe	30
PID 2852 wrote to memory of 2432	2852	cmd.exe	30
PID 2432 wrote to memory of 2580	2432	u.dll	32
PID 2432 wrote to memory of 2580	2432	u.dll	32
PID 2432 wrote to memory of 2580	2432	u.dll	32
PID 2432 wrote to memory of 2580	2432	u.dll	32
PID 2852 wrote to memory of 2436	2852	cmd.exe	31
PID 2852 wrote to memory of 2436	2852	cmd.exe	31
PID 2852 wrote to memory of 2436	2852	cmd.exe	31
PID 2852 wrote to memory of 2436	2852	cmd.exe	31
PID 2852 wrote to memory of 2992	2852	cmd.exe	33
PID 2852 wrote to memory of 2992	2852	cmd.exe	33
PID 2852 wrote to memory of 2992	2852	cmd.exe	33
PID 2852 wrote to memory of 2992	2852	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\523693587f150a3bf8adff0a45e560eb.exe
"C:\Users\Admin\AppData\Local\Temp\523693587f150a3bf8adff0a45e560eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4CAA.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 523693587f150a3bf8adff0a45e560eb.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\4DF1.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4DF1.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4DF2.tmp"
      4⤵
      Executes dropped EXE
      PID:2580
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2436
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4CAA.tmp\vir.bat

Filesize
1KB

MD5
f8243be4e5964ea3d467540f8d3579a7

SHA1
1bba0ab9149e376d849d67209d1cdfee22e4408b

SHA256
9ec0715f085fa9c9b4be0982985fae4bdd6f6b8d618286771236726e752e2180

SHA512
c4a5fbb508b9789d259e9f3553a917f0d5c242cd3c91e52f9fcd5de896898a964a6a35a53df2cce10bf9aa21941d44065ea010ff98e5ee03b4df3258e0a56eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\4DF1.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4DF2.tmp

Filesize
42KB

MD5
004eb9e2d1d07d914998499c4e26f2ca

SHA1
d5c7cb55c023719ec95a187226c5d7a55141fce8

SHA256
ab528a1087aaf8c57e6f840404ca807a1730e0a41af6fbc7e613f41396ced797

SHA512
30c3afe74322b3f83a002b055a7f9ee6d1241f07793b430c54d83519ae567d91da8f78409f6f41938095ff9b75b9cc76a121e16260280caf5a482277e9f15c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4DF2.tmp

Filesize
25KB

MD5
b134aa480bf1738c39aa9ebda9eb4b14

SHA1
1f7024f2e23070f424cea450b0cc24517225dbaf

SHA256
7076e3b7b985dd0d8056a5328cc731a978b0640e02801da026169259fcebedee

SHA512
74ddc54d3779d4f4dbb54d8f6ce5defd862b70099d9d99367b061932becc1b00fe209b39a602a10f7fa0e8b4216bd0bc0fee9c729183d7d246ccaeaad83e17a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4FB7.tmp

Filesize
41KB

MD5
863c72510f3c30b4e2cd208090af8b92

SHA1
3c5a6732c904ba8c3004e257d5008beb5311b7af

SHA256
87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

SHA512
d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
84KB

MD5
27b70ff7c85b91d03f1bc9955644c30b

SHA1
9e9f378850c08064df54fa49d193420097e98292

SHA256
ecd513569f4497f9c24b58dcd5e2645a0af0755202d629cfb7339900bda31030

SHA512
f4994dd28b1d48f320e243aece3fd53c144d0fba441638646aa5041d55f564965614d02c3826e18965df9d27164e56821281155e9598ea43b679cebc240ed41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
79KB

MD5
77c7436d56c8358c562439d4be71fe50

SHA1
ad58b49b4af613fc8c8418c1f5815f8f89583d30

SHA256
67588ded581a718e1d32956a4dbee48d34f9b4a6a3196e215289cb0c30d5e815

SHA512
b587f9cec6e859673ac61308dae9f7d27755fdfc9b64f6a571556bbce0d1b8683c42c3fe6852c465405b18117dc2bbec3c45281d83bb638964f4ba38751dcf2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
83KB

MD5
88787c18a1732cb516cf92d1979e3a28

SHA1
701b75f94f829bd4206dcea181a53cdd5f93cda8

SHA256
e4abac20f64d2a634f89604c88e105be12e23c25eec12ee56ba5e6a1353cb3d8

SHA512
80232a321c1d94ffea549d89ddd5a515687634e5f67243828cdf3ea260eada4f67a077d9a8dd4b8e57042a22923f8e2fc4411f38c777063ff87f9c0e32ad3979

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
338KB

MD5
26c5e85f073b76d823b6d74228678024

SHA1
7f9a6217828370f6187bd5efe6853132bf2ffe80

SHA256
bdeb49dd0d3efdda870174aeb1e57a00c48f7345d0f66963e5c4e6126a24cfb1

SHA512
a1acf646d5575976f2e8c620b9b4c266cb7b1259308997e254ac062d9fd3b267c441f097081f9671cc73e39421ebec027f7e2307705d8e3a4e0f3d92b91ba200

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e0f6af07f5f23b0b946cbe77250880a5

SHA1
df51d0a59222fab7bae791e2c9f78bc3621673af

SHA256
0bfb5dc8e98e8d6bd2778fb24737deee492ec17775820a219cbf0ff603d8b0b8

SHA512
cbaad163ca1698752c2a6970c7b799c4f903ec3bbace2fdb6672ae21ce0207ed50f5bc3f3c046abf9144f09ab36161044ac173a7929702a519efb993376c219c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
eeb11d011929582623fa75a3c2f5af20

SHA1
bda278c8886d80ec175de713ca9dda1ea1b8f644

SHA256
e0b44e63fae9873a0211be36b7b973d4b61618780f9ce0edbfa00e9560dbe159

SHA512
93f3dbc2c6c8f8380ccd60457b6108d31d81e713e439509133b598fa19de827d9ebaa8221095d9599a2a752b5c372e37d41333b1a33bd88f5fbb92b7b9021528

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
68KB

MD5
56be4937c8e4691fceed47efc9e41fd6

SHA1
37082499a0a7b7f64828db463d59eb9d12817821

SHA256
45c4f2ba0bb82701dc63591153cf3643242d831f549e40a9981e69745f7b0c3d

SHA512
032d6315ae401918456a0c261cd2cb9c7b7724f2f8b1ba0b8eb212a4ab17bbca1177d84bca0b9baa8e792e62aa3eaeb52d4520fe69c8478f6b70cc716508e5b2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
73KB

MD5
3c011b14d84ccae1f655dbbb7e350950

SHA1
fd5b9b43108be5f8ffed6ca2bc8749635f97302f

SHA256
898635176d08e05c59941df51bf05a823a6b436dbe4b81c8d3cd5eb80918f782

SHA512
a137b219e32ba09651682dd09e263c75d100cf5a9601da362cc82f274d879785a036d3f7ec8aaa61a16f2b9738a8372e531ba038988bedb76309a18fe69a670f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
234KB

MD5
cf53f6095ea963d2f18362ff1b80e433

SHA1
7ef3210ccc6232827a810b240ef539b0b0e9c8e5

SHA256
5c0ff2f269fd612ffb5ae81bb0fb54c0b8de746e53be02e988b4bb44486f181f

SHA512
70e7f9964618743b8ece705b5150b00f156b76c0a042bf858997562e599e8b1d4f5414950c6b8b52db415af9d8f71e73f1a710f57027b04c70e2bfdb921878bb

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
362KB

MD5
cc3e08f4d0b5921e6c9401aa23032c44

SHA1
0ff618fe2acc80dffe4eae8e35d33d1e78b3e747

SHA256
6dad9684a0386db7dcba20127cf67321094f329cf9a6495a11995d0f76b1efc1

SHA512
b7384ebc2aa89b0b7a5b91de25a7477becc13d3993a80189a6f81681e29072bca1a8b4cee8270d6616ef342e12a1aba0a5f7de550e997acb865703a3c3b3af38

Download Submit
memory/2416-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2416-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2432-66-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2432-67-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2580-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2580-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads