ba912bd741770fa27e54e36dfaffb5bba9d84eadbd117269e0e9c96f7fa781bd

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

711f728f257dba4b0a7e394d92b0a55a.exe
Size

208KB
MD5

711f728f257dba4b0a7e394d92b0a55a
SHA1

28bd8a67527f6c77cdf849a8069b5667c94d84e3
SHA256

ba912bd741770fa27e54e36dfaffb5bba9d84eadbd117269e0e9c96f7fa781bd
SHA512

91354c080d5fbf43c0f3f3ff9ff6a6c86329469475cc9c5b7317aabbb712e72f2224937d35ebd3e995a1407de0d1d24a7dabdded0208a6ce827d6a0f3e59c33f
SSDEEP

3072:yluy78nwop7tNy+BxNE4JV5Ad1W/kPkfWZozsW22XN16U+ylU9FZjJQuhyAeac:ylNgwMNEC5Xs8fbzU2d1cymjJ1hm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2092	u.dll
3052	u.dll
3040	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
3000	cmd.exe
3000	cmd.exe
3000	cmd.exe
3000	cmd.exe
3052	u.dll
3052	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 3000	880	711f728f257dba4b0a7e394d92b0a55a.exe	20
PID 880 wrote to memory of 3000	880	711f728f257dba4b0a7e394d92b0a55a.exe	20
PID 880 wrote to memory of 3000	880	711f728f257dba4b0a7e394d92b0a55a.exe	20
PID 880 wrote to memory of 3000	880	711f728f257dba4b0a7e394d92b0a55a.exe	20
PID 3000 wrote to memory of 2092	3000	cmd.exe	19
PID 3000 wrote to memory of 2092	3000	cmd.exe	19
PID 3000 wrote to memory of 2092	3000	cmd.exe	19
PID 3000 wrote to memory of 2092	3000	cmd.exe	19
PID 3000 wrote to memory of 3052	3000	cmd.exe	33
PID 3000 wrote to memory of 3052	3000	cmd.exe	33
PID 3000 wrote to memory of 3052	3000	cmd.exe	33
PID 3000 wrote to memory of 3052	3000	cmd.exe	33
PID 3052 wrote to memory of 3040	3052	u.dll	31
PID 3052 wrote to memory of 3040	3052	u.dll	31
PID 3052 wrote to memory of 3040	3052	u.dll	31
PID 3052 wrote to memory of 3040	3052	u.dll	31
PID 3000 wrote to memory of 1928	3000	cmd.exe	32
PID 3000 wrote to memory of 1928	3000	cmd.exe	32
PID 3000 wrote to memory of 1928	3000	cmd.exe	32
PID 3000 wrote to memory of 1928	3000	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\711f728f257dba4b0a7e394d92b0a55a.exe
"C:\Users\Admin\AppData\Local\Temp\711f728f257dba4b0a7e394d92b0a55a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\703.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1928
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3052

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 711f728f257dba4b0a7e394d92b0a55a.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
PID:2092

C:\Users\Admin\AppData\Local\Temp\22EC.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\22EC.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe22ED.tmp"
1⤵
- Executes dropped EXE
PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\22EC.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\703.tmp\vir.bat

Filesize
1KB

MD5
0e6f20d352ab0d9455d8ffae428ab173

SHA1
83c1e1e1db657037bef3307638acf61e6f9426b0

SHA256
8414fb6aebe5e56139d1263274c5564dd281e93191cad3fc28497646fd5f07e6

SHA512
b423ba715de8ef630025d86dd3d8c23fb6b63a50b5154242edeceb6d587e0fbc2eeb0fbb30a687aadeefd76a70cfaf0efabc3be16c987ac2a47368e3749d0263

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe22ED.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe22ED.tmp

Filesize
207KB

MD5
32055716063cff214b0bbf4cba6fdfb8

SHA1
415604c4d786a0d16d4c52e2ca70dd17d6f47b08

SHA256
2c615c0c5466fa007f3f1e418750e3473d0768d8f8553a1bec5bd835b43f112b

SHA512
3796bdd21a1baab94c388d01533857fb1f1d1a9e0fbba16b00e455b639196393fd5c214e4a2104d150fa193637673f308ae46438562e7c26344f0437a6dc3a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe22ED.tmp

Filesize
741KB

MD5
e653069049d71dc2927db71477a04e4b

SHA1
ae424f3cfca1b22a7a82a5b9ab7ed5bbc890b262

SHA256
cc29fe690b323d174113ac13ea3e795e386cca389a6b33e9dfcf093afc0dbaa0

SHA512
9befbd7cf23fb79eed0c1946576dc7098203a6fc15e932612ca28fb66467c1a4228be7a7d7251a5d86c14f9b707048e5b1799f31f45513bf909b608aa00301ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe22ED.tmp

Filesize
64KB

MD5
0017226cae2302dd872c4d17938939d1

SHA1
c28f6cb3ef6edc7be6c6ca74d3ca476f0d42d58f

SHA256
00a2ffdbbb01b9c11b7afbdc87b8ab551c1a7f6e52faf928d36952d6818d40c7

SHA512
ca04f8a0d093f8b399250402b17bdd59d04aef3d33c839ef84f12643e833d751703668e45a4ce3ade13fe793caccf9dbec7eeafd6886293bbf21fa941c4ca8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
449KB

MD5
0902edf24a876c94d2e514d0cc74ed26

SHA1
4eaba65fa7e1bf5846ac6a2ff6d6f061bd3c9d15

SHA256
7636e0127239e2cf179486f6a1c7bf92bb8315039319040af620d41cf2ffd9cb

SHA512
dc016b6966e44f25b347a128c97fe7fa766660f2615e36be0b13d9e7552836cb5dcdcae42fce84f5eedfafa617b60281a4f90efbf22d414d1287a2535a238810

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
319KB

MD5
68b9ca145f45b3dd75f8a7aed63d933e

SHA1
671bdaf5d5f748f5893e37a062045cedcea7b10e

SHA256
2f1679a1d72ada2bdad8897960e9e50e03fdbeba294347b925e2a27f0c7b52a2

SHA512
3708bfbc1a598c57afe4bfdf027b7b526d0e08cff233ebde960cb3c09c12d3f9ffa6bdb3e1e4d6ef0c67bb2c81f8e79dfd0c5a9fe5b1aba3fdf16126fe549ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
226KB

MD5
b4724a9779092b04386ef889b85187f4

SHA1
39472da12262f694dcbfa6b23803a6cdc2bea7b6

SHA256
b5bd0f0c3b345d180b28e263b76def7170b5fbe333949b1bf3baf87ed26e8678

SHA512
ee7faf965e776e65e9b2ac229e8a8e88c0b6d2804b009ce42a700b5dd7b4cff2cadefba5d202888be846c748c45212ab8b5849421bffd5cdd068747882d15cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
111KB

MD5
0b518964c4be3ca9f8b016f352236046

SHA1
35e2bc166644c9acd118c9b194eee50921544a22

SHA256
1e53b50a12a00ac2696b95cb46341973dfd506981a5eb051f6578e964c7fc3a4

SHA512
1e331358158a5a2675768fd67e3b8a0ab066dda61f8399e558892c95f8c47ebb1d6c4c27d9275b3908e83a32a5ff97aef11a1c40c25bdf0a1b50d73eef5c933c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
03fa4a4fe611c1b99f560d99383789f7

SHA1
80e0611e87254a6018f2d5db5eb155b9bc7148a6

SHA256
ef7ed36f0ada8b0dd04b897b90f05a2214f8eb3bf1d6465c8dd8ac1e389db82d

SHA512
30bb590c10dfa0bddb5fd516f7618dd30f2726199696be7dd1a944abb96b42662505edb908741cee858fb91f9bc5d445a4880a05d8bbd767ff86769c3ee7de0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
162330991bc17f93f5df92d32f92b5a0

SHA1
ab282edd227ff4f3042e51de6d9417a33d99fb93

SHA256
fa6b0c068bd29ddbc8301b5c61744c9ad1802ff357600e5554c9a60284a50e8c

SHA512
40171bb234a44177f4c799b49bf8794d57e1e6b03a279128c0b6d0080a819dc420cfc26126be4cc94233ae734b2c1ca1eaa44a22d0a0e223fcd7c64969b9ec15

Download Submit
\Users\Admin\AppData\Local\Temp\22EC.tmp\mpress.exe

Filesize
51KB

MD5
8d5d71a24ecec040b475cfb57381f564

SHA1
4d2370bd8afab4e0eafc2dc4b01c0d3d19550620

SHA256
a6a3639f477cb6b8734a3ad3bdfb5f935a3da27efa79ff5c93403dc8e415a1d2

SHA512
8303f3676d8c4e1ffa5ab81f75461aef8ffa35f8b9ba23f4d90d34d8ba171694e4d920477bb8bc63f0ff7c65592997a08074c257dfe97822e25e0232edf47d96

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
305KB

MD5
5cb766e260a600610689bf8dccde6c5a

SHA1
0b2a03e3c6937e42fafea3b1edaedce1589b4a07

SHA256
7b39350c38112c2d56aa6dba449e420abd132e8a31379573cfba54ce4492f499

SHA512
4b9b4b28f4ad1b3f58ccaaac1377686a0400e486c8b68b4a5bb85bb3a9a9f9b79739730f812f65ffe695b02b946deeffa52679907d853ff97487bec3ef846b10

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
394KB

MD5
7a9f354503ac82d2e948b1a7f27ad534

SHA1
8476e70264e8ec634ae18a01aea83bd9620ab48e

SHA256
ad8723e68465841be240d7221298370f8c13c9d2f1d777ed73b5ec262c0cb852

SHA512
cb6b369c4039c546a06b1e7bdd2c3b25c3575500b6c8e232ea740b937703823c1371d088e3bd3001d5f4167ffac3308c11e77b1db9d7f7d1c8d4ea7412fd102f

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
memory/880-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/880-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3040-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3040-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3052-94-0x0000000001DA0000-0x0000000001DD4000-memory.dmp

Filesize
208KB

Download
memory/3052-88-0x0000000001DA0000-0x0000000001DD4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads