208772bef73531b7168ec74d829bbbdeaebf504abdc91e4fa32b194c4e9ca2c6

Analysis

max time kernel
157s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 02:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a126841abe5d87d8a255ecd20fbb0a1.exe
Size

209KB
MD5

5a126841abe5d87d8a255ecd20fbb0a1
SHA1

cfccdd34a73956460828657c37b5456e8feda45b
SHA256

208772bef73531b7168ec74d829bbbdeaebf504abdc91e4fa32b194c4e9ca2c6
SHA512

25b4419e0508b81b3260a2c6a2b6f8d190fb911190f7aa0ff2d0d55009082ff5a8765cae60fafecf009a2cc98c3465fec2f407977335fda2a713f6b08fe0212d
SSDEEP

6144:SldGpLF08ac7sY97oROwXImQWnJOJaANW3N:Cp8aE5aYmQWJOLW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2808	u.dll
2668	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2748	cmd.exe
2748	cmd.exe
2748	cmd.exe
2748	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2748	2824	5a126841abe5d87d8a255ecd20fbb0a1.exe	28
PID 2824 wrote to memory of 2748	2824	5a126841abe5d87d8a255ecd20fbb0a1.exe	28
PID 2824 wrote to memory of 2748	2824	5a126841abe5d87d8a255ecd20fbb0a1.exe	28
PID 2824 wrote to memory of 2748	2824	5a126841abe5d87d8a255ecd20fbb0a1.exe	28
PID 2748 wrote to memory of 2808	2748	cmd.exe	30
PID 2748 wrote to memory of 2808	2748	cmd.exe	30
PID 2748 wrote to memory of 2808	2748	cmd.exe	30
PID 2748 wrote to memory of 2808	2748	cmd.exe	30
PID 2748 wrote to memory of 2668	2748	cmd.exe	32
PID 2748 wrote to memory of 2668	2748	cmd.exe	32
PID 2748 wrote to memory of 2668	2748	cmd.exe	32
PID 2748 wrote to memory of 2668	2748	cmd.exe	32
PID 2748 wrote to memory of 556	2748	cmd.exe	33
PID 2748 wrote to memory of 556	2748	cmd.exe	33
PID 2748 wrote to memory of 556	2748	cmd.exe	33
PID 2748 wrote to memory of 556	2748	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\5a126841abe5d87d8a255ecd20fbb0a1.exe
"C:\Users\Admin\AppData\Local\Temp\5a126841abe5d87d8a255ecd20fbb0a1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\D51A.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 5a126841abe5d87d8a255ecd20fbb0a1.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2668
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D51A.tmp\vir.bat

Filesize
1KB

MD5
d8ea9256b55cfb55a0b85a4a46cd8c11

SHA1
2e3445489c0e52620e74ff6b4b5f8f290bbb4314

SHA256
44a29994158f5797bbb1408fba10f3d32a5e087f657eaec6f9b8465d9ad5db75

SHA512
84def1ded28c5df43a8fed7487c15520ef2a989bd2987f61272bb6aa107f554d46ef27b0530f2ad724715d9fe9e3ce3e161606d8d0d071bb919b6e4544240baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
3b0b31aba7fe7355ddc0e8889d448aa4

SHA1
8e11df21ac6cbfc996356225a3d22e0c28a73f50

SHA256
86dccce40ce369031a268e0bf33a0a8440ea3868e3651b45ce0b92b8db4046d4

SHA512
5a40bc67cee16ebf32adb0dad088dbd874983ce7a26cdc4446fe7cf308cf548cc2e169f2fcabe3fa7d4e4b1166cbf0e623c25ad3a39991c6a5777a9e7c3c7d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e13b5ac208e6d5790b0a8db89b58d536

SHA1
a1c383b1c737af7811c240952fc19f65710cd193

SHA256
ddfe092600c6d5205336fa4f10affae0df6c8d02fe6285e92bfc64c7c4f7f37c

SHA512
091aae21cdd0c0f02f8db17fe73c68f8cd7cc8ee30577d824e3870c2edaf7346f764147aa623aae9f596ce4f0a9e486256d50bc9b374fe16d0a4e1226e20c641

Download Submit
memory/2824-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2824-66-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads