912c8a9a1e549b1537fccc532f6fa716a4c1dc7699e5580034f07431e6820296

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57ff26060af85e179703426f44b4556a.exe
Size

209KB
MD5

57ff26060af85e179703426f44b4556a
SHA1

142e8d3a670aa3e4314db46c634c87a357b8a00f
SHA256

912c8a9a1e549b1537fccc532f6fa716a4c1dc7699e5580034f07431e6820296
SHA512

4f699f09f368b7361b94e76c2da251eeaad7dfcf98e175d7951dd4c687ec7e56451b4b575b620f12bad10abf1c4c876825c8871562bf9a621f62fc2b3cac3c74
SSDEEP

6144:Wl0n6auvRghTYJn3QvYDsN34T/l2rDeGPk32SPYZ014Cv:hn6auvUA3QvYDQFPeGhSPYZa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2788	u.dll
2644	mpress.exe
1440	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2640	cmd.exe
2640	cmd.exe
2788	u.dll
2788	u.dll
2640	cmd.exe
2640	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2640	2612	57ff26060af85e179703426f44b4556a.exe	29
PID 2612 wrote to memory of 2640	2612	57ff26060af85e179703426f44b4556a.exe	29
PID 2612 wrote to memory of 2640	2612	57ff26060af85e179703426f44b4556a.exe	29
PID 2612 wrote to memory of 2640	2612	57ff26060af85e179703426f44b4556a.exe	29
PID 2640 wrote to memory of 2788	2640	cmd.exe	30
PID 2640 wrote to memory of 2788	2640	cmd.exe	30
PID 2640 wrote to memory of 2788	2640	cmd.exe	30
PID 2640 wrote to memory of 2788	2640	cmd.exe	30
PID 2788 wrote to memory of 2644	2788	u.dll	32
PID 2788 wrote to memory of 2644	2788	u.dll	32
PID 2788 wrote to memory of 2644	2788	u.dll	32
PID 2788 wrote to memory of 2644	2788	u.dll	32
PID 2640 wrote to memory of 1440	2640	cmd.exe	31
PID 2640 wrote to memory of 1440	2640	cmd.exe	31
PID 2640 wrote to memory of 1440	2640	cmd.exe	31
PID 2640 wrote to memory of 1440	2640	cmd.exe	31
PID 2640 wrote to memory of 2728	2640	cmd.exe	33
PID 2640 wrote to memory of 2728	2640	cmd.exe	33
PID 2640 wrote to memory of 2728	2640	cmd.exe	33
PID 2640 wrote to memory of 2728	2640	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\57ff26060af85e179703426f44b4556a.exe
"C:\Users\Admin\AppData\Local\Temp\57ff26060af85e179703426f44b4556a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\2481.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 57ff26060af85e179703426f44b4556a.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\24FE.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\24FE.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe24FF.tmp"
      4⤵
      Executes dropped EXE
      PID:2644
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1440
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2481.tmp\vir.bat

Filesize
1KB

MD5
6ae24aebf1d7741a64c1f3bc2f37e276

SHA1
9f70f60e4e8a78d2f10b7eac360454e73b3110a6

SHA256
b8e6068de5dff00f1d68ddf6626f1ea60b2d1bb3309d4498b6de60fc8aa05467

SHA512
1240af07b732233e54f27f16fba50ff560bd6e1908034d1394515690d47802ad7e1236d287f0de56c7a942984cce9eca4ebcdc7289b75a48be4f467c9428e74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\24FE.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe24FF.tmp

Filesize
41KB

MD5
71ce3645ecf4a753408f77c5a8bad638

SHA1
9b8252af055414bb69e5ce0f1826066c27c0d63e

SHA256
75e8f3a8df737002f0d4be1064a96490ca1c56148ea69781abaaa6299eff9b21

SHA512
79a8d69275afc627a9102e62f05d3867ef013a11c174dd4981fe31494d3f6e127032fdcc92fae99aaac2a485a6acdf0d7fdf6df120c53a024740ff1786f51c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe24FF.tmp

Filesize
24KB

MD5
1246b7eb15106808804cfb591e479cd6

SHA1
afc463cbd718647569f981ace9252fbc3f3457eb

SHA256
9ed8bf574cd31a3b5a01afb155895bedceb3828ffeabdd291d41a1d81e140394

SHA512
9e88cc776a950ab47dbfe11b566dfe8a0f244dc832430435b9abdf721a3974fc9d76a781d62b7d3bd4e6d8b8893313d5831148342e37e00ca112b12c8787f626

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe25CA.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
93KB

MD5
ec3db92301aa424c7a530a4d539a7f37

SHA1
ce848672ac400bb50fb7ef6dfbb0f92f3b41d65c

SHA256
6a9bad795d66771f71f44ef3200af4939ff91cbf757aece23ef677e08b63eebc

SHA512
a6cbd9adaa09737eccce6876531aa59b43b945bcf0ec2b97645f98377061eec725bb7bc678bc7ec16cbf2ba1dcac118a382c0746846cfffde0fdc349331b6b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
b667cbfa865d4c554903ae0e5b156980

SHA1
0e185a00b47a666c46b52f1e090df787ea42a921

SHA256
655ee4caf297f45ff9645520dd845dcb1f01729a72df542c00905867ec8614fe

SHA512
a68e2195a47272f0a799fd724f7b05b2f35962a59389459a0777f5e06036bec45fe277da503875a15a5c98ca88b6b5136ab8f4b0cb6bcc435ac42c52444ba386

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
4c11f96de063606941f000ef706ec01f

SHA1
881f26bdf30364decd7c38ba42a2ccacd97c04dc

SHA256
fb9d20b844448308ce477b7eb5fb3de9ebe1b0bd2b31cc658d9184ca97fa9494

SHA512
d9a9989211753c5b3ecc64341ce9f2b9c8e0f975f0deeb8c78e2d76af2ea1e2044c1cae99dd77daa8cc9a41128f69009323468ad8d42d561744ef16a13e4a852

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
384KB

MD5
24dfc4c9e007f2583b956d3ad07de800

SHA1
0b55c60ceb419e2fca38ec401fd143fed0cc58ee

SHA256
96696051cd5f06b05353731d5524b3d828259fffe0d9237407776efef7e6ac54

SHA512
282767a6486d42ffed096909fef64086d55ad28bb35cee37da5bc2e573d608342e5bd85eed6c8c330c84df02a1aaf4aea95df870d506d1e0cc35e551d80b39a0

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
382KB

MD5
3981395ac550547f964f87a3f15e2158

SHA1
7538d14a77bbb4cdfadff74385f849199392bf74

SHA256
8ef383ea0d049c6972c81e1ecdde8d719d5d0cdda995fa1ab70a3ee32c4acb73

SHA512
700649f2d7180ce60457de5537544254c40fba9b8871312cf0f25743fcce46714b21c3cc079e80afbc342edd743e33e91b4e28e412315bcdfc8436170e37f1f7

Download Submit
memory/2612-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2612-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2644-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2644-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2788-70-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download
memory/2788-66-0x00000000003C0000-0x00000000003F4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads