cde9562cab02200758221670738714fdb158424c01d3d4badf4ddd19c6758ed8

General

Target

74ee2ae757e5ace18c575d68932c9de6.exe
Size

209KB
MD5

74ee2ae757e5ace18c575d68932c9de6
SHA1

06a2b1ba3b47fb861104a57f6ed970dec1a5806e
SHA256

cde9562cab02200758221670738714fdb158424c01d3d4badf4ddd19c6758ed8
SHA512

b66264afa47c52e85a6ac34553484d61ffe367fe7a713feced4390af4defc40f607e0e8bf486ff8e49a5a8183d8348e6b8821bd1cc3a232f0fad75dab2a138a6
SSDEEP

3072:RltGyseHukSkEzX7YNR+1kBBU23Om02eQivjCZEsgKIBNHe3G55VKpitC9YxQ91F:RltGmukSlzXkNR+1k1+keQane25dtja

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

u.dllmpress.exeu.dll

pid process

2820 u.dll
1996 mpress.exe
2556 u.dll
Loads dropped DLL 6 IoCs

Processes:

cmd.exeu.dll

pid process

2312 cmd.exe
2312 cmd.exe
2820 u.dll
2820 u.dll
2312 cmd.exe
2312 cmd.exe

pid	process
2820	u.dll
1996	mpress.exe
2556	u.dll

pid	process
2312	cmd.exe
2312	cmd.exe
2820	u.dll
2820	u.dll
2312	cmd.exe
2312	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

74ee2ae757e5ace18c575d68932c9de6.execmd.exeu.dll

description	pid	process	target process
PID 2272 wrote to memory of 2312	2272	74ee2ae757e5ace18c575d68932c9de6.exe	cmd.exe
PID 2272 wrote to memory of 2312	2272	74ee2ae757e5ace18c575d68932c9de6.exe	cmd.exe
PID 2272 wrote to memory of 2312	2272	74ee2ae757e5ace18c575d68932c9de6.exe	cmd.exe
PID 2272 wrote to memory of 2312	2272	74ee2ae757e5ace18c575d68932c9de6.exe	cmd.exe
PID 2312 wrote to memory of 2820	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2820	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2820	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2820	2312	cmd.exe	u.dll
PID 2820 wrote to memory of 1996	2820	u.dll	mpress.exe
PID 2820 wrote to memory of 1996	2820	u.dll	mpress.exe
PID 2820 wrote to memory of 1996	2820	u.dll	mpress.exe
PID 2820 wrote to memory of 1996	2820	u.dll	mpress.exe
PID 2312 wrote to memory of 2556	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2556	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2556	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 2556	2312	cmd.exe	u.dll
PID 2312 wrote to memory of 1716	2312	cmd.exe	calc.exe
PID 2312 wrote to memory of 1716	2312	cmd.exe	calc.exe
PID 2312 wrote to memory of 1716	2312	cmd.exe	calc.exe
PID 2312 wrote to memory of 1716	2312	cmd.exe	calc.exe

C:\Users\Admin\AppData\Local\Temp\74ee2ae757e5ace18c575d68932c9de6.exe
"C:\Users\Admin\AppData\Local\Temp\74ee2ae757e5ace18c575d68932c9de6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\5FDC.tmp\vir.bat""
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2312

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 74ee2ae757e5ace18c575d68932c9de6.exe.com -include s.dll -overwrite -nodelete
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\6162.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\6162.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe6163.tmp"
4⤵
- Executes dropped EXE
PID:1996

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
3⤵
- Executes dropped EXE
PID:2556

C:\Windows\SysWOW64\calc.exe
CALC.EXE
3⤵
PID:1716

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5FDC.tmp\vir.bat
Filesize
1KB

MD5
845c669005d6fa7b724e3643c9d2f057

SHA1
7c31bc6fb7210a3920e8f3b1a80bd510b47e4bab

SHA256
ee693a828bf61e67f1d3a7ecdb0c3646fceccaa63de058f7cd815768b999d625

SHA512
8d4c89717b57ea9d70a1e81d9f731187113f754cd5f6d1c705bb3680ecdd0c91456ff4fb3934473c846a188c8323a2b40b4b622ca18f6c5d5716fdfd39ddc073

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6163.tmp
Filesize
41KB

MD5
eb61cf56fbcb4df3063f769b9253d0d6

SHA1
40ed1c916836c754ec8e2a2848e105b7c5ca2ce0

SHA256
8bdacfe8ba9b56bfa495c199fd4dba7529226d56ab9e1b703099d5ab50f522db

SHA512
c1c949f66f8402d25d1dd3628c15628c086b673989a643302d3cfcc747083024ff3705f5e6468546adf3e49039c39105cacb231f1ecd832a062d79a70e8bc8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe6163.tmp
Filesize
24KB

MD5
db13a1ca279700803585addb4c2d9d75

SHA1
06021e11e31243c75f16b9a9cf50328247249173

SHA256
248d6232d520a79e482be66b6e2c33c93e56347eb8a1a47c2b0bbea1d2ccc530

SHA512
46ff562c73761e3b6ad7c1fa9c0314d0df2b9f9fe0f1467bbdc740e43bc4ce320c5dcbab518ff04b7115c272cdb284c4c1077d9c9eef96e33498e67f977704d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe63A4.tmp
Filesize
41KB

MD5
4f74129c104ef1d140d90e0ba568ce01

SHA1
6f3eff482f956305006b6768a2a6ff242798a45d

SHA256
7695698f1983d6f8884164972c0e546da7e4a29f3c2ac244927f5b28da24c753

SHA512
8757d38c206b29cbabc7ada99871fc590ff0a775814a74752b9f3971956e7c000ca259cc9e1906897a343397d4dcfe9c271024878de42eb87e22477a6fd50f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll
Filesize
700KB

MD5
fd0d0d7ae1d515c6a6a5e027a383e813

SHA1
5ac4fff2a23711869002bb26e4463530788e086d

SHA256
6429e1a8f97a7e8226cae762348ad91d938e474db9ac2eb7d5d3aa2cc4b6123e

SHA512
068bec88e014b8d1a657f1eb75dfa1730c48601c4dd69198214fb8ea95e4e99fd8b185dbd1ca2cc6b075acb950af299b2483a3176951d2e80b0070708791778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat
Filesize
1KB

MD5
61d95beabf5f3b38339cac5854734332

SHA1
f4c9f27e6490ebd95d8298bec7424166919cb8d0

SHA256
a7e47940b3e23f80a86dee5ac2170af74c7f41480dfa928803fa0c3d182749e6

SHA512
f1826294891fe9ca22a440f80531576360c1073d11105650d2bfd2afe4f094e903549e2075380740aafd1e8153ac86a08daf22c433706cfadd1740f48502f896

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat
Filesize
1KB

MD5
75c4e79490188568f10cd004650648db

SHA1
cd7fb5dbe37e5e68c892f1c2c926861218dea37c

SHA256
ce3bb9cfa147b9c8f9d4280e77cc4a33025dae4a6cd0e31f971836bedd518dc2

SHA512
100f71b018a1de565044165a72441fdae8b717d0d87b093e712cb78ca2cec732d3b50f74aac282680a61601c0f305af817e8062c5aeec86de9e5f5334625cc06

Download Submit
\Users\Admin\AppData\Local\Temp\6162.tmp\mpress.exe
Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1996-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1996-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2272-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2272-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2820-62-0x0000000000720000-0x0000000000754000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads