16d8a7cd502f74ba066ca367fe0776fc2abc5f84d9c3607aa0a933eeefdc6f5d

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74ca65a66575d33744565d8f74a2319c.exe
Size

208KB
MD5

74ca65a66575d33744565d8f74a2319c
SHA1

8287c7f009e9d7ef5cd365c05219c71bdedcef70
SHA256

16d8a7cd502f74ba066ca367fe0776fc2abc5f84d9c3607aa0a933eeefdc6f5d
SHA512

51270ae7eab3eacf563f6f0fab540772c7e2af4012a4b47069e0e1ea4c8da10dc0ef187b8646ac03125c7709b39e43904cb330188a195fcdcb689938f4458762
SSDEEP

6144:gl0n6au2fwUV0oThryu1BtjtruV35qo4rVEdoK:Tn6au2ft0ihryulj63H43K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2240	u.dll
2888	mpress.exe
2028	u.dll
2780	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2140	cmd.exe
2140	cmd.exe
2240	u.dll
2240	u.dll
2140	cmd.exe
2140	cmd.exe
2028	u.dll
2028	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2140	2128	74ca65a66575d33744565d8f74a2319c.exe	29
PID 2128 wrote to memory of 2140	2128	74ca65a66575d33744565d8f74a2319c.exe	29
PID 2128 wrote to memory of 2140	2128	74ca65a66575d33744565d8f74a2319c.exe	29
PID 2128 wrote to memory of 2140	2128	74ca65a66575d33744565d8f74a2319c.exe	29
PID 2140 wrote to memory of 2240	2140	cmd.exe	34
PID 2140 wrote to memory of 2240	2140	cmd.exe	34
PID 2140 wrote to memory of 2240	2140	cmd.exe	34
PID 2140 wrote to memory of 2240	2140	cmd.exe	34
PID 2240 wrote to memory of 2888	2240	u.dll	33
PID 2240 wrote to memory of 2888	2240	u.dll	33
PID 2240 wrote to memory of 2888	2240	u.dll	33
PID 2240 wrote to memory of 2888	2240	u.dll	33
PID 2140 wrote to memory of 2028	2140	cmd.exe	32
PID 2140 wrote to memory of 2028	2140	cmd.exe	32
PID 2140 wrote to memory of 2028	2140	cmd.exe	32
PID 2140 wrote to memory of 2028	2140	cmd.exe	32
PID 2028 wrote to memory of 2780	2028	u.dll	31
PID 2028 wrote to memory of 2780	2028	u.dll	31
PID 2028 wrote to memory of 2780	2028	u.dll	31
PID 2028 wrote to memory of 2780	2028	u.dll	31
PID 2140 wrote to memory of 2872	2140	cmd.exe	30
PID 2140 wrote to memory of 2872	2140	cmd.exe	30
PID 2140 wrote to memory of 2872	2140	cmd.exe	30
PID 2140 wrote to memory of 2872	2140	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\74ca65a66575d33744565d8f74a2319c.exe
"C:\Users\Admin\AppData\Local\Temp\74ca65a66575d33744565d8f74a2319c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\A0F.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 74ca65a66575d33744565d8f74a2319c.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2240

C:\Users\Admin\AppData\Local\Temp\B28.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\B28.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeB29.tmp"
1⤵
- Executes dropped EXE
PID:2780

C:\Users\Admin\AppData\Local\Temp\A4D.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\A4D.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeA4E.tmp"
1⤵
- Executes dropped EXE
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A0F.tmp\vir.bat

Filesize
1KB

MD5
d875e2e8420685a20ebaaaf2a457bee6

SHA1
5978366aafaacdddb1d8ac86eff3a9733affb6d1

SHA256
4436dc80ed833c137b3f00e4b7bb2a8e243dfc4096569d5742b2d04fb04fee2d

SHA512
a2387f3ce2fcd7a312475cb3957ca4b884df33b81198344176d814a6c51cf5353830df9bfc3b3f6721d7838264f74230ab3cc1d5db78f05d2e0429df763e0aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\A4D.tmp\mpress.exe

Filesize
94KB

MD5
39b731fc96a10462822a7a5a316f26ea

SHA1
8c1d58cfb18c390c582d2b76f2c8028abf6d065d

SHA256
2af0bf93723f227093e691de446690f072030f28be81b9009a32c125b488ce95

SHA512
59a9091f400f78172653123f5aee072f8fabaec4986d86f00522095ae3e74c5ef38b2493d4f7220574d8ad56888b7b69d1c804cd665e884465c264c2acf2a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\B28.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA4E.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeB29.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
249KB

MD5
a48c86ceba22315eeef772581af393d9

SHA1
2edaa60b8f8883cea350675b634cc2d0cd948b36

SHA256
503190960df67f00773bbb9dad426e15443b14f3a65e1df4a0a001f39b870f7d

SHA512
512029059dee704092b36f11b33bcefd5841d5f3fda786c2050d8bd05a7c4efe5cde1728422d6ab2fba326270a86e6e0503c6cdb8279ae265278ab1f5bddeb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
162KB

MD5
27b38b22dc5537c2a360d9cfa14e5a8b

SHA1
0827c68d3c2e7c862b5bec841ac137ddf14a2c23

SHA256
1582a0c6fd4e16d92d8d0ddad9602f64feeac858bbb88e443472f9eaaaeace97

SHA512
e2d092ee3c3c44b47510648a10a344aa017f1a3f76984f4f055521fa5316c3ed9d488f6730c2abdef1f4024ba0716e23849a51b491a361ea75886793317e8303

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
190KB

MD5
ba0433ee375b70dd5c7b7703aebff5d8

SHA1
135ab932db4a9b1e88c62159229bb3125928eb5e

SHA256
db793774d1dfe66e5566df729dcfbf697e6ead1e57426f4d298c03aa0556cc14

SHA512
c62e7f33de7c1796bab90f3f46d2c5940b6051bba5926ab34ff25648c671330b423ea297af1ca222e369ba34ffc6188e88f218b56ae9204eab91a25378740af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
100KB

MD5
8781a0bdb73a0d48c7a94b5494f15918

SHA1
3b00f9ebba5210a1c45622afb9e35a357d128df3

SHA256
718c08c8bb30ae5ed314d963c0c1e4bc5aa46fcfc0dd158ed700ada2786de6f8

SHA512
767de4c855ebcb13ab8239e9774bc984830ab1a0aaf82b168fefd9fb0442ba8ca3a7dbf5eb703d00690791e68d27723fe9e921e859796bf284dbf65d02031c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
286ddffdd9a388ab787293c6f0500056

SHA1
ebaef5548892bcab358fe5d46134436873afe4e5

SHA256
281dbd3bde28d8770b651f8f1a326e7be7873f10eca98538d7dbd4bddbefc36f

SHA512
03dc47c00b14250316d07e3a55b1088af6e1ff6b4b9e53d921838628fa2031237c7bb4c11472e3c3dd50054446b73820000b7d6f8880f1467b4aca78aedafdab

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0daa6c1738d43948131669a6a6ffd44c

SHA1
dd96a2dda5073c1f78edb2034ee308312ae346e5

SHA256
aa57e1b84b3264f2f0e2901689f32e472026b85a95052941402df0851a8ede3e

SHA512
e931118a606c5818166c5ed2df30d5a019bb5002a17c8c67ec744c9e9d873566c4d8dad117f3348cc464ea741ab2dfe6ff2abc85266454a8a4d6576865a601c0

Download Submit
\Users\Admin\AppData\Local\Temp\B28.tmp\mpress.exe

Filesize
84KB

MD5
d27587138919d7c9389a88a79d85e082

SHA1
9d4a01ae4bde6226bdcbecb7c7b7da523061c6e7

SHA256
61e1a209d60f1bcf5b4f90791f003b3d844054039cd5e001406d07daac38d2a5

SHA512
9f03a174e66b4d0eaafa50d7f4d8b887da22bbed0d518a45b308509971ec007d65c48316ae3704e7eaf996388c544e4e7ffde89d2e6c09a6e6133ffff7d5cb34

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
147KB

MD5
406abff8f96478a36bd3c642b24b967e

SHA1
ca73c860f30f8800515efd02eee22ce9975cb74e

SHA256
530b683f4db24690e163d94e214301ee7be9330f665fc4af216d77cf6b3602b2

SHA512
a6a707c9e30594e16e7f77aaa76794bb8d9b8ce6b5436c824d539b05c82eece7797cc0876936f4ad732d85a4673e57d4753cf4945fc4f647147083c16418efb2

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
60KB

MD5
29e4145709c722335d72135e6fedb684

SHA1
3a5d421ccd8152ae26310c54c4734ea08f8c90d0

SHA256
e17146a83dfd5bfabd91e6faa366ed9451a5a89c47e6b14b462856883cd44ab6

SHA512
fd7ab8602916e49924756ce5e5734197d1be45e6d03f7c54519d52a53d9368e30977d87a33d79b3b70deba3608d09c313fbd32368945298d032a4ef2b911011b

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
86KB

MD5
e8c0d637fadb68c61f31e823eb6bc48d

SHA1
f0208678882391d82d021b1b68bcdfb1afd9e392

SHA256
e610ab799530108291cdf219b32b85cc8593dd5e0444b71d98ae5334273fe749

SHA512
a64d0fe894da02f47bd9c7b93a64679b3229d33a0cb63aff8f2b17a29d20f25d88621d9de7aa4a337bf0b6e3d200b1f0a9b1259f259185bcb76c443296fe32b9

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
110KB

MD5
592df085f608b9a7260894abad8a4d26

SHA1
5f822ff0f6042f50b75e3fc2d4d6dc8413d4db12

SHA256
7755e8939a406b350e01df6526d9fc5d49289315222720ab3f052cff39585797

SHA512
067b9a890ef151fb3f1897dbfb46b393fe1af9108fface0ca9042baef8d8bd4b4f8cb4053c441d4044f6f6859f6bd3b9f923ebe0edfe1baef6deeafa77e486d8

Download Submit
memory/2028-134-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2128-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2128-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2240-68-0x00000000004D0000-0x0000000000504000-memory.dmp

Filesize
208KB

Download
memory/2240-69-0x00000000004D0000-0x0000000000504000-memory.dmp

Filesize
208KB

Download
memory/2780-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2888-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2888-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads