b51676e16dc59ac6fef3a8379113a783d22544a1b73246ffc20c670c24b30b3a

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

672e5f10ecf3c0b88fe1d55bc2e54388.exe
Size

209KB
MD5

672e5f10ecf3c0b88fe1d55bc2e54388
SHA1

ca3172a9e0736c3731790d0208f9cc266b163abb
SHA256

b51676e16dc59ac6fef3a8379113a783d22544a1b73246ffc20c670c24b30b3a
SHA512

1cd53c198fe7d5d9ee0ea58f89376aa1f07234b4e51f7d8b72a7a845f1d04950671d688a9579f1473b72a194dd59cc515a954840cc6f8838f3448eca7efbafcc
SSDEEP

6144:Ml7ur9z4AxnDCglaMtseU8p3ge92nOmxoeihUFxb5UT:195DC6vK38pR92joPeh5U

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2836	u.dll
2768	mpress.exe
2584	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2216	cmd.exe
2216	cmd.exe
2836	u.dll
2836	u.dll
2216	cmd.exe
2216	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2216	1316	672e5f10ecf3c0b88fe1d55bc2e54388.exe	29
PID 1316 wrote to memory of 2216	1316	672e5f10ecf3c0b88fe1d55bc2e54388.exe	29
PID 1316 wrote to memory of 2216	1316	672e5f10ecf3c0b88fe1d55bc2e54388.exe	29
PID 1316 wrote to memory of 2216	1316	672e5f10ecf3c0b88fe1d55bc2e54388.exe	29
PID 2216 wrote to memory of 2836	2216	cmd.exe	30
PID 2216 wrote to memory of 2836	2216	cmd.exe	30
PID 2216 wrote to memory of 2836	2216	cmd.exe	30
PID 2216 wrote to memory of 2836	2216	cmd.exe	30
PID 2836 wrote to memory of 2768	2836	u.dll	31
PID 2836 wrote to memory of 2768	2836	u.dll	31
PID 2836 wrote to memory of 2768	2836	u.dll	31
PID 2836 wrote to memory of 2768	2836	u.dll	31
PID 2216 wrote to memory of 2584	2216	cmd.exe	32
PID 2216 wrote to memory of 2584	2216	cmd.exe	32
PID 2216 wrote to memory of 2584	2216	cmd.exe	32
PID 2216 wrote to memory of 2584	2216	cmd.exe	32
PID 2216 wrote to memory of 2308	2216	cmd.exe	33
PID 2216 wrote to memory of 2308	2216	cmd.exe	33
PID 2216 wrote to memory of 2308	2216	cmd.exe	33
PID 2216 wrote to memory of 2308	2216	cmd.exe	33
PID 2216 wrote to memory of 1640	2216	cmd.exe	34
PID 2216 wrote to memory of 1640	2216	cmd.exe	34
PID 2216 wrote to memory of 1640	2216	cmd.exe	34
PID 2216 wrote to memory of 1640	2216	cmd.exe	34
PID 2216 wrote to memory of 1732	2216	cmd.exe	35
PID 2216 wrote to memory of 1732	2216	cmd.exe	35
PID 2216 wrote to memory of 1732	2216	cmd.exe	35
PID 2216 wrote to memory of 1732	2216	cmd.exe	35
PID 2216 wrote to memory of 2892	2216	cmd.exe	36
PID 2216 wrote to memory of 2892	2216	cmd.exe	36
PID 2216 wrote to memory of 2892	2216	cmd.exe	36
PID 2216 wrote to memory of 2892	2216	cmd.exe	36
PID 2216 wrote to memory of 3044	2216	cmd.exe	37
PID 2216 wrote to memory of 3044	2216	cmd.exe	37
PID 2216 wrote to memory of 3044	2216	cmd.exe	37
PID 2216 wrote to memory of 3044	2216	cmd.exe	37
PID 2216 wrote to memory of 1956	2216	cmd.exe	38
PID 2216 wrote to memory of 1956	2216	cmd.exe	38
PID 2216 wrote to memory of 1956	2216	cmd.exe	38
PID 2216 wrote to memory of 1956	2216	cmd.exe	38
PID 2216 wrote to memory of 1596	2216	cmd.exe	39
PID 2216 wrote to memory of 1596	2216	cmd.exe	39
PID 2216 wrote to memory of 1596	2216	cmd.exe	39
PID 2216 wrote to memory of 1596	2216	cmd.exe	39
PID 2216 wrote to memory of 320	2216	cmd.exe	40
PID 2216 wrote to memory of 320	2216	cmd.exe	40
PID 2216 wrote to memory of 320	2216	cmd.exe	40
PID 2216 wrote to memory of 320	2216	cmd.exe	40
PID 2216 wrote to memory of 2876	2216	cmd.exe	41
PID 2216 wrote to memory of 2876	2216	cmd.exe	41
PID 2216 wrote to memory of 2876	2216	cmd.exe	41
PID 2216 wrote to memory of 2876	2216	cmd.exe	41
PID 2216 wrote to memory of 1692	2216	cmd.exe	42
PID 2216 wrote to memory of 1692	2216	cmd.exe	42
PID 2216 wrote to memory of 1692	2216	cmd.exe	42
PID 2216 wrote to memory of 1692	2216	cmd.exe	42
PID 2216 wrote to memory of 1644	2216	cmd.exe	43
PID 2216 wrote to memory of 1644	2216	cmd.exe	43
PID 2216 wrote to memory of 1644	2216	cmd.exe	43
PID 2216 wrote to memory of 1644	2216	cmd.exe	43
PID 2216 wrote to memory of 1924	2216	cmd.exe	44
PID 2216 wrote to memory of 1924	2216	cmd.exe	44
PID 2216 wrote to memory of 1924	2216	cmd.exe	44
PID 2216 wrote to memory of 1924	2216	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\672e5f10ecf3c0b88fe1d55bc2e54388.exe
"C:\Users\Admin\AppData\Local\Temp\672e5f10ecf3c0b88fe1d55bc2e54388.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\366C.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 672e5f10ecf3c0b88fe1d55bc2e54388.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe37C4.tmp"
      4⤵
      Executes dropped EXE
      PID:2768
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2308
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2964
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:520
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:592
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:676
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:464
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2968
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:568
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\366C.tmp\vir.bat

Filesize
1KB

MD5
1afd2c654753106c020221e15ea2421d

SHA1
961e0a1decab80b16456f30cd85f87042595917f

SHA256
730c6086b5868e101293cc65c7e176d3686c840abfeb4c3383e65e5db5648550

SHA512
258adf832ff4ac8c172640ec808b8aa56256e9f90c62bef93168be7bc4f3d7031e7b677707a8251c2ab440bff4533e836fb84af4ec5654e5964d33caf09a69f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe

Filesize
73KB

MD5
f51f73b190be74af4bdbf94d21bb60a1

SHA1
20a7f0b26d0e14db58c3cc4effb944607debf36c

SHA256
4e6a0df72ddfd3cf53bc373bde736fa78f637d645508019804637c0ddfd14b5b

SHA512
813ae197452cdc8b48463988c3325b78be1236334b01c183fa4aa417434ebb6baf7d55c0537e5b25330bf5a7950e792ff683ef7568395d3f2c339774bc583852

Download Submit
C:\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe

Filesize
80KB

MD5
2182c36d2a4358a1eba84cbfa2d8f542

SHA1
5de426ad94e23ef04554dd82be3129154a99b81c

SHA256
40256e48ee0a3189fbca1500e0196a376c8ae62721dfc0a6f02260427c3d354d

SHA512
0cac958c3339aece4581ee52970ea891aeace6ef8a247c52c10d55903a94c1dfd5d05575394bd59bae06e44a99a796abbe64a404b0083ffcc031e0dd89ae216f

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe37C4.tmp

Filesize
41KB

MD5
21ad9b883cb5428eb7a8312dc2468537

SHA1
3e1e5c560a68d92786ed348752be55982c51a405

SHA256
84c821ba37101822b7b832fef732c9f6435c3fc039c3bc6d703c0c0ffc007b6d

SHA512
842ec74ffd31c02ad65f9a9ae2d3ffa0c6a9392bfb25d4e1fc45166abee90ba709ebfcfe14ee722221679d7a88d8438a7635e17a9b9be9f7803988b1d4a40cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe37C4.tmp

Filesize
24KB

MD5
b18694bdce402e8d291b358923445f83

SHA1
a41fc0f037b6cf2db30ca526a076a0cf336ec2db

SHA256
8677c5d2a78175d0a1736b69aded146dfc1409e948411e3c9028387c4c303cdc

SHA512
1b63f0c0c493a1e11f6709aeacb7cfaa1b5c62f32f7cb88520bcf577cc40495c6291fa9a53b0eb4c7d65086bdf7b2cf3f756d9abd80b6aae73f5b7cecfd226ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3998.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
5eebc5137f7474ad3d1036a2fc92dd9b

SHA1
55adc9d05feae8b8866b4d3d9f47771b38c929ec

SHA256
0af0b0f54b7bf4e2bc934ff5122a4541df938d2c2865a9aca17d1e03f007d2da

SHA512
ae3709f5a675f318503de49045f4312169318b7e066ce1f0b78955235c2ecb62f242cdb4012527b2346be8c9a57056ebd13fcba810aeac6cf82f1b4464383483

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
460KB

MD5
ec23d160b812ae60c120177d1a4af904

SHA1
95dcee7a6b486a7702edcbe2826775951b436b04

SHA256
bd5be0cdf15e58f7996053b161cade2e092e24605a6262dfd8348dfe70834525

SHA512
b2e765b175f2704e2b4acddc529518af9b70834e1708ce1c79dbe1df0ffd1979b9a3eb414e4f11f88d737ff886e270423d640cda26e1d60d84fd4f4bf7ebe5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
371KB

MD5
6c60a84447b60e71a9d243cd0873778e

SHA1
50f3a801002d36b72c2d1823ec23686ba4e371ec

SHA256
133cca3c879375355343fe2fe1d732ffc298206a4ee575dd3bc950fe4a4bc9aa

SHA512
ca475087177b8eb1999ecddf2905e096635d2ce2eec73e6e2463e60675e1994305e4aa7999c25039f7944632adb06c5e7de3bbafa7d9d1f4bf1b2c4823367d24

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
dff4d9fe638418f1fbadec0014a6d3b2

SHA1
fe76a3f7cebf255fca2da4da4388ddc2f10b5696

SHA256
447ac574d0fd69ffc4cf3a0c1887c805c761b929e76526340000febdd3bfa627

SHA512
d9d4fef3af3f87f6a1709384d2647dc17e6c485e9bab9b7b3f95529b0514ed861c76f8a42aaff42a5d562bdea8362092929c5dc6e4d6a4f78875188a05b6143a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
54c56605768ed989c31c213c77b28825

SHA1
84900d8e29bddf425bc061bd066590413d6fe96b

SHA256
810d7f4bba77bfc998e6b02c19342c5ea021e7b9bec2009657468bc6ed1beb50

SHA512
503e8239b3203671340e386dec5e5664c25dc091957e537cf4ecdb40f4a2b833447f1fb6801eb2193372bc113b8a5bcafde9f450b78ae5ba1999d187c6327e2b

Download Submit
\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe

Filesize
75KB

MD5
37f37941bfaa2670715ff0011369ecf5

SHA1
00ca2c5ec6a3f576de051697e5b40ffca45b4d17

SHA256
bec0ef253710e851f4062ccd2e9814248d4f960577750b68af79558767d3dabd

SHA512
ab7de85f5e30bae9098ab48ebc240f2c01aa971210438d3211fb10d26c7cc61c9ac9d8b6b83fd1000ae92b2f50bf563eb4af2ef52a9ada1637044d8ef8dec0b1

Download Submit
\Users\Admin\AppData\Local\Temp\37C3.tmp\mpress.exe

Filesize
26KB

MD5
3b250f19d244b6906a3df637539ef8a5

SHA1
729509bc76b35424eedad6c45246e13d034526cf

SHA256
8570d34d6f0423361f506b3c94fc971e30a328822286635193cdb37f0245d777

SHA512
bf892e18dfbba1a905735f355b1f77bb875fd6dec4747d68e1f3bbcf42ac81048802bd2ee0b17b85127853af7db2de739b44e88d210b5d5852eb3cf64fd01c64

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
374KB

MD5
e17ca565ba247cded4fc96b84c3aa8dd

SHA1
6a496680bb7b51b64878aa89a58f42b2ab669dfb

SHA256
1ed1bf29b5c71729cfa76d74b1af856a4e7eadcaeb34914756c56b9e94195cb4

SHA512
e0582b2eb05adce12c108687bad2444e0ee2fbeb981d7b7cd191fd6b39665c82fa766153bac62ef06206eb7de24925bfcad37cfd733e71ec075a62108ad42467

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
418KB

MD5
336ef2580526b7285de9464cae68bade

SHA1
c191f025de9e014cf875e5c4e02e9edd5fabcb13

SHA256
6742fd86fc2e6ff6ae259d81a7a338726ff1def04e49744a69b886e35293a740

SHA512
37fdfb3ebcd52fb716a2b8f6312dc4764479d35b5b417783b252551793a0642c769d64ccbb8189dcc6f1ec18ae0be834d351d327b655ab2940420a2caed18845

Download Submit
memory/1316-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1316-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2768-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2836-69-0x0000000001EC0000-0x0000000001EF4000-memory.dmp

Filesize
208KB

Download
memory/2836-62-0x0000000001EC0000-0x0000000001EF4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads