da0d430e386771421f2cfd7ce17cbbec0790ec1eae58e08374251231d0880a9a

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a7ac00c716ebc8cb7ee2364b36d6c76.exe
Size

209KB
MD5

5a7ac00c716ebc8cb7ee2364b36d6c76
SHA1

ae5e0c162d660ecae3586fe15315e4ea5871adf8
SHA256

da0d430e386771421f2cfd7ce17cbbec0790ec1eae58e08374251231d0880a9a
SHA512

80acb0d58dafee3f3c060a71a2b9d0ab38aba567e599f0b6f25277ec60d79e55446772c1164dd23ae6defa6ca2399ee3544c9c9bf436903d756a1590fa5fde5d
SSDEEP

3072:UlqalmxV3uH5boSTROKTLOLLYSPqum9azjzzTCGPvbLmlTQegS:UljIxwZrROK3ELXium9GjzzTnPk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2784	u.dll
2536	mpress.exe
2520	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2744	cmd.exe
2744	cmd.exe
2784	u.dll
2784	u.dll
2744	cmd.exe
2744	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2744	2188	5a7ac00c716ebc8cb7ee2364b36d6c76.exe	29
PID 2188 wrote to memory of 2744	2188	5a7ac00c716ebc8cb7ee2364b36d6c76.exe	29
PID 2188 wrote to memory of 2744	2188	5a7ac00c716ebc8cb7ee2364b36d6c76.exe	29
PID 2188 wrote to memory of 2744	2188	5a7ac00c716ebc8cb7ee2364b36d6c76.exe	29
PID 2744 wrote to memory of 2784	2744	cmd.exe	30
PID 2744 wrote to memory of 2784	2744	cmd.exe	30
PID 2744 wrote to memory of 2784	2744	cmd.exe	30
PID 2744 wrote to memory of 2784	2744	cmd.exe	30
PID 2784 wrote to memory of 2536	2784	u.dll	31
PID 2784 wrote to memory of 2536	2784	u.dll	31
PID 2784 wrote to memory of 2536	2784	u.dll	31
PID 2784 wrote to memory of 2536	2784	u.dll	31
PID 2744 wrote to memory of 2520	2744	cmd.exe	32
PID 2744 wrote to memory of 2520	2744	cmd.exe	32
PID 2744 wrote to memory of 2520	2744	cmd.exe	32
PID 2744 wrote to memory of 2520	2744	cmd.exe	32
PID 2744 wrote to memory of 2900	2744	cmd.exe	33
PID 2744 wrote to memory of 2900	2744	cmd.exe	33
PID 2744 wrote to memory of 2900	2744	cmd.exe	33
PID 2744 wrote to memory of 2900	2744	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\5a7ac00c716ebc8cb7ee2364b36d6c76.exe
"C:\Users\Admin\AppData\Local\Temp\5a7ac00c716ebc8cb7ee2364b36d6c76.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\78A9.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 5a7ac00c716ebc8cb7ee2364b36d6c76.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\7AEA.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7AEA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe7AEB.tmp"
      4⤵
      Executes dropped EXE
      PID:2536
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2520
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\78A9.tmp\vir.bat

Filesize
1KB

MD5
04bbffa685f04b371ed9838012355b9d

SHA1
f6196bd4318a58fe514c7e41b7a9b6dcf0791690

SHA256
0d71f811e4393d996db1ddeb219c0d88ce48733c80ffbb4fb2585aceeb53d756

SHA512
2aa80d091a145fe199c7455874535014ee01662a112bcf5a26679e7dc12f408e61984ed340f918478f87a44d991582309bfdde3110ac97313e7269e0f3f0bf05

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7AEB.tmp

Filesize
42KB

MD5
8897e0427a4fb009fec3a8e73ea422b3

SHA1
67efc15790a67e963718364ad1b8461e8f2bdb48

SHA256
3955466e17d2c17882d8664aecc0bb9554a7cd9c9bc0a00d2c8549ddc0c575b3

SHA512
4b9f23f6988b5b52ea59f2ec05f2767f0106a6a91b1fd9b9a822caa7a5764c6c10869d8acdde7837fe60be2b861f70fa41ebca7554305bab6c5636017e7e4e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7AEB.tmp

Filesize
743KB

MD5
35d48e0370ee81407b0f834652b46afa

SHA1
1e76e7c87c904767b176d5ea742952894e1b8d6e

SHA256
d1629a0569e96825a2be1d2af73596c08d31420690431987691fb3ba670ba56b

SHA512
81c84fe08a3a7b1a755fbb689d08b36decc6b46ee9167ae5747cce034d1395d5793c039c495980aad9c6a3c2d048a614f06010ef74d2b039de3ebd723e5a3778

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7AEB.tmp

Filesize
208KB

MD5
00abb69c65767d11fa29d16de42c13a8

SHA1
0d4331f8f20cb534d53f064036f3fc08b7c41817

SHA256
2fe67138b5c7ec225a31939c1796314db399877ff2613512ea412e7acbc45b30

SHA512
fd4296e58dbd7023da48c4dabc9223bdfa0aad9f96d5f2fea8acbb9456461d9c9f340a352b4180b593bc4c2d5695f3bc58d22cb0869dd00990923f75a372eb7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7F10.tmp

Filesize
41KB

MD5
bfffa6c36b0aa15510a443a79382ede1

SHA1
af44603bd5cad266d5e1b681691c56a25b603e58

SHA256
54cc6b298d45fffa6b9198fa5d4b5793c6248f887feaed2b928c6c400fb7a22b

SHA512
381efd97ac75a95ec229955d82d6d4fc9019de88ecf7f58e9f550dd4a002d57ce03983dfdb3286782685d15740388e2d0bd6de50753a0b224dae10b0ebcda486

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03cfde8f9aa4a9e26520da9a85faca40

SHA1
45a3dc2ab8aa420c19922b1783a9f19e695da4e6

SHA256
93a3c30195dc710c1469f5fd364fe3e1866878b0055ee942ef23c19602664379

SHA512
e264531bbb9912785010f0368627937d33a6173e8c5b7b7d8f15809c018e2cfd799ec6182ecdb17f3f98c142b3bc0b475c1e625febd14805f7ff9a68ad6b2133

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
287408504d8c0646f832c6cfb99e3fe8

SHA1
ddf260d8c203e246246c1284af8e7a0d7d1a019c

SHA256
2ad57a1d7af5e659a05bb32fa108a3326fdcb7f872a60b36d204bc7e05a8b0c0

SHA512
0efe56e00206f0fd9ad1fe94fa4c2234840996e3ea7d1238671918a55249685c74d239940a0b9ea49040e6ac0940700b56045e067ae985a181c014f7d5583c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
3ec8af5f0f76bf9a724eaf0021dc0066

SHA1
ea5c887d7bb50fc5f22e494c2cff03740a893f0a

SHA256
3300c03d2c03c942aeb00f592ed14a9e52456f6b5312e6d68075e82c206a5201

SHA512
f900f140a4c16f0106f77410e79b182136b81373f8129a3327d73c40bec6decf0b70f1cb4e303ef7a014f219a8122c755f3518f578fbcdca8f0d23a3b95d77f8

Download Submit
\Users\Admin\AppData\Local\Temp\7AEA.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2188-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2188-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2536-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2536-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2784-65-0x0000000000310000-0x0000000000344000-memory.dmp

Filesize
208KB

Download
memory/2784-60-0x0000000000310000-0x0000000000344000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads