5e25f38f04cccbee1db0b2f3bb7bcd769bb0d4cde3a5db1bb1867130d8d5c260

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72dd00df2241006a8b6847df698c11be.exe
Size

208KB
MD5

72dd00df2241006a8b6847df698c11be
SHA1

29830c49b07c2f91cb5d6444bd7e51e9776fcb31
SHA256

5e25f38f04cccbee1db0b2f3bb7bcd769bb0d4cde3a5db1bb1867130d8d5c260
SHA512

47ab23045c15f7b9bddf675bb334c7b1e431cbec23f8ff35581b34251ce11c23c4c41466edd2912a705bb9bc45c8523142ba3ac630e74298026da7d6e1aa81e8
SSDEEP

3072:Pl2/rrmXJVZEeFtPpF/n4A5G8kqKm5ahSERzNuq4auxvu8D9PLZoNx2jYS3YGQ2z:Pl2/rrAztht4A5G8WsSB74RTte8Yyz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1912	u.dll
2732	mpress.exe
2552	u.dll
1948	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2352	cmd.exe
2352	cmd.exe
1912	u.dll
1912	u.dll
2352	cmd.exe
2352	cmd.exe
2552	u.dll
2552	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2352	2476	72dd00df2241006a8b6847df698c11be.exe	29
PID 2476 wrote to memory of 2352	2476	72dd00df2241006a8b6847df698c11be.exe	29
PID 2476 wrote to memory of 2352	2476	72dd00df2241006a8b6847df698c11be.exe	29
PID 2476 wrote to memory of 2352	2476	72dd00df2241006a8b6847df698c11be.exe	29
PID 2352 wrote to memory of 1912	2352	cmd.exe	30
PID 2352 wrote to memory of 1912	2352	cmd.exe	30
PID 2352 wrote to memory of 1912	2352	cmd.exe	30
PID 2352 wrote to memory of 1912	2352	cmd.exe	30
PID 1912 wrote to memory of 2732	1912	u.dll	31
PID 1912 wrote to memory of 2732	1912	u.dll	31
PID 1912 wrote to memory of 2732	1912	u.dll	31
PID 1912 wrote to memory of 2732	1912	u.dll	31
PID 2352 wrote to memory of 2552	2352	cmd.exe	32
PID 2352 wrote to memory of 2552	2352	cmd.exe	32
PID 2352 wrote to memory of 2552	2352	cmd.exe	32
PID 2352 wrote to memory of 2552	2352	cmd.exe	32
PID 2552 wrote to memory of 1948	2552	u.dll	33
PID 2552 wrote to memory of 1948	2552	u.dll	33
PID 2552 wrote to memory of 1948	2552	u.dll	33
PID 2552 wrote to memory of 1948	2552	u.dll	33
PID 2352 wrote to memory of 584	2352	cmd.exe	34
PID 2352 wrote to memory of 584	2352	cmd.exe	34
PID 2352 wrote to memory of 584	2352	cmd.exe	34
PID 2352 wrote to memory of 584	2352	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\72dd00df2241006a8b6847df698c11be.exe
"C:\Users\Admin\AppData\Local\Temp\72dd00df2241006a8b6847df698c11be.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4164.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 72dd00df2241006a8b6847df698c11be.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\42DA.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\42DA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe42DB.tmp"
      4⤵
      Executes dropped EXE
      PID:2732
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\4470.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4470.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4471.tmp"
      4⤵
      Executes dropped EXE
      PID:1948
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4164.tmp\vir.bat

Filesize
1KB

MD5
9826e338e1c2e3913336b4b17ecc7046

SHA1
7fac659ab94b051a5699d559e78d4f637c145bd8

SHA256
8dbee316447a2b0041cc7a2121966706c835fc3b2551df71671daa2933089791

SHA512
8fd4b7204ce4bfc6955a03a122d866f6da68d4d9601b44fe0deb698d517b248f4e99f85a3f0a7b0324f67b26f7847368e45e102d235da73c0adf3d5adafccce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe42DB.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe42DB.tmp

Filesize
41KB

MD5
d05eacd88a321666f28ef1b5b8259e03

SHA1
b2bcea12e88dbb39067f8bf08544b5f238274256

SHA256
01337efc52cb4cc1dc48d7d16b0b0fae9e69a7103a9fecb126f1c45197c7f068

SHA512
fb5963777738a907a00e4437ade23e16c1a9db480dc8a87310d7ad278871f57ad29f93ca457c9eb5bce4cfe9075b2e3264adbc7abd36fb74a56747a568e188b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe42DB.tmp

Filesize
24KB

MD5
db8bec2ac4111e432f77afd246b8722a

SHA1
5581fb13d78c5f5afe631d525500d7b08baaed78

SHA256
8d41b7f369360ffde8cc564f7a70c724a11511f9c29e17cc89f554a9e84a7e71

SHA512
77ac8106e40a48f5e0e14dfd15ecdb0cf3df18d19233da3a7bce9045197194627e9f3866959da85cfb88058cb099a5f071f6dbc4cd23bb3af124dda821229318

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4471.tmp

Filesize
24KB

MD5
256233a5d3eea9b41e645230beae1aa7

SHA1
e224f2b691d1938a9580ec752d1c5de1017685ed

SHA256
cddba6bd4c84380da65492af085a71321d4c31f1800d0d4e8cb5fbd2a7c3a0ac

SHA512
922cc94d623e83be072f79750ff6ff391b9ee724d0f3b360afbd77f81dbe6bd1e173d7dc634b90a666da9d09d59efff7152fa473ada29736af0d588f9c4d0e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
9ea19135c5f4066ec4b4d174e449a048

SHA1
e660123c8bdb78bd462f4409775cc001fcb48a82

SHA256
33480a20d4109e995a5b40b5185dbe50175489aa235675938bcd526b9a5491a8

SHA512
49983b1b29c84bf03f43f93d378f81da38ca3c07b5070ca0d9e0f0fdec3312fedca114a35443b1df4fde31c7396fa88a534da1280497b857fc32ef88ecd019c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
bd61a44e67e377c0835923681ae1556f

SHA1
1a97f44c79a32a26a83f8c3c2f758134c5edba41

SHA256
37ceec410f689f296a3f769a1a05caae10a5ecc966919e9ebad7484f4f1404bd

SHA512
c46b867633de1ce877d9d682817ab76e291485fdc4ddd34c1d26a458f253a384a6d11fd91eb70e28a5177a50d35c5585fa9f22729ce93afa90337de5a42b629a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
f8604f335573511b53fe2b1cc62d8cf8

SHA1
003681dd3f05d23488c435bea5c5eaf0dc9ee508

SHA256
bc8bcb31ec939371e42ab68ec6a420b4819026f3cc78055de549de76bee12d6e

SHA512
b7ed84e6c273e740b47ff73310bbfa4c98fe112da124d1c9b9df6863b7d8cffccfac2396dd0cb3a177f692a84c185b4e0ac3d60835ed8e47443f051695f8e05d

Download Submit
\Users\Admin\AppData\Local\Temp\42DA.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1912-68-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/1912-66-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/1948-143-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1948-149-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2476-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2476-160-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2552-137-0x0000000000330000-0x0000000000364000-memory.dmp

Filesize
208KB

Download
memory/2732-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads