99b123db0fe08d0293acfc269beaa482b251c679658519c5eb824b69e70bfea8

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

754ccec870955b142267ab51a1c14d56.exe
Size

208KB
MD5

754ccec870955b142267ab51a1c14d56
SHA1

9bb36a2bfe4c619256cb2f3211cc5f95b52ce813
SHA256

99b123db0fe08d0293acfc269beaa482b251c679658519c5eb824b69e70bfea8
SHA512

20f2a7e25fcfe2f0807c156f09a05d3514c6ab5e52b1d68404c9be93243926a010c198ffccda023fb702e3fc5a572ea39bb2349348de702f46bf608a0e2e0864
SSDEEP

6144:al7uXWeh2pwE5Wca5BFEQN4jFoU0Uue+Xa2I:PhW95yLGQN4mfRZXa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2876	u.dll
560	u.dll
2308	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2120	cmd.exe
2120	cmd.exe
2120	cmd.exe
2120	cmd.exe
560	u.dll
560	u.dll

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2120	1984	754ccec870955b142267ab51a1c14d56.exe	29
PID 1984 wrote to memory of 2120	1984	754ccec870955b142267ab51a1c14d56.exe	29
PID 1984 wrote to memory of 2120	1984	754ccec870955b142267ab51a1c14d56.exe	29
PID 1984 wrote to memory of 2120	1984	754ccec870955b142267ab51a1c14d56.exe	29
PID 2120 wrote to memory of 2876	2120	cmd.exe	30
PID 2120 wrote to memory of 2876	2120	cmd.exe	30
PID 2120 wrote to memory of 2876	2120	cmd.exe	30
PID 2120 wrote to memory of 2876	2120	cmd.exe	30
PID 2120 wrote to memory of 560	2120	cmd.exe	31
PID 2120 wrote to memory of 560	2120	cmd.exe	31
PID 2120 wrote to memory of 560	2120	cmd.exe	31
PID 2120 wrote to memory of 560	2120	cmd.exe	31
PID 560 wrote to memory of 2308	560	u.dll	32
PID 560 wrote to memory of 2308	560	u.dll	32
PID 560 wrote to memory of 2308	560	u.dll	32
PID 560 wrote to memory of 2308	560	u.dll	32
PID 2120 wrote to memory of 2516	2120	cmd.exe	55
PID 2120 wrote to memory of 2516	2120	cmd.exe	55
PID 2120 wrote to memory of 2516	2120	cmd.exe	55
PID 2120 wrote to memory of 2516	2120	cmd.exe	55
PID 2120 wrote to memory of 2528	2120	cmd.exe	33
PID 2120 wrote to memory of 2528	2120	cmd.exe	33
PID 2120 wrote to memory of 2528	2120	cmd.exe	33
PID 2120 wrote to memory of 2528	2120	cmd.exe	33
PID 2120 wrote to memory of 2568	2120	cmd.exe	54
PID 2120 wrote to memory of 2568	2120	cmd.exe	54
PID 2120 wrote to memory of 2568	2120	cmd.exe	54
PID 2120 wrote to memory of 2568	2120	cmd.exe	54
PID 2120 wrote to memory of 2588	2120	cmd.exe	35
PID 2120 wrote to memory of 2588	2120	cmd.exe	35
PID 2120 wrote to memory of 2588	2120	cmd.exe	35
PID 2120 wrote to memory of 2588	2120	cmd.exe	35
PID 2120 wrote to memory of 3044	2120	cmd.exe	34
PID 2120 wrote to memory of 3044	2120	cmd.exe	34
PID 2120 wrote to memory of 3044	2120	cmd.exe	34
PID 2120 wrote to memory of 3044	2120	cmd.exe	34
PID 2120 wrote to memory of 2564	2120	cmd.exe	53
PID 2120 wrote to memory of 2564	2120	cmd.exe	53
PID 2120 wrote to memory of 2564	2120	cmd.exe	53
PID 2120 wrote to memory of 2564	2120	cmd.exe	53
PID 2120 wrote to memory of 2020	2120	cmd.exe	52
PID 2120 wrote to memory of 2020	2120	cmd.exe	52
PID 2120 wrote to memory of 2020	2120	cmd.exe	52
PID 2120 wrote to memory of 2020	2120	cmd.exe	52
PID 2120 wrote to memory of 1968	2120	cmd.exe	51
PID 2120 wrote to memory of 1968	2120	cmd.exe	51
PID 2120 wrote to memory of 1968	2120	cmd.exe	51
PID 2120 wrote to memory of 1968	2120	cmd.exe	51
PID 2120 wrote to memory of 1576	2120	cmd.exe	50
PID 2120 wrote to memory of 1576	2120	cmd.exe	50
PID 2120 wrote to memory of 1576	2120	cmd.exe	50
PID 2120 wrote to memory of 1576	2120	cmd.exe	50
PID 2120 wrote to memory of 468	2120	cmd.exe	36
PID 2120 wrote to memory of 468	2120	cmd.exe	36
PID 2120 wrote to memory of 468	2120	cmd.exe	36
PID 2120 wrote to memory of 468	2120	cmd.exe	36
PID 2120 wrote to memory of 860	2120	cmd.exe	40
PID 2120 wrote to memory of 860	2120	cmd.exe	40
PID 2120 wrote to memory of 860	2120	cmd.exe	40
PID 2120 wrote to memory of 860	2120	cmd.exe	40
PID 2120 wrote to memory of 240	2120	cmd.exe	39
PID 2120 wrote to memory of 240	2120	cmd.exe	39
PID 2120 wrote to memory of 240	2120	cmd.exe	39
PID 2120 wrote to memory of 240	2120	cmd.exe	39

C:\Users\Admin\AppData\Local\Temp\754ccec870955b142267ab51a1c14d56.exe
"C:\Users\Admin\AppData\Local\Temp\754ccec870955b142267ab51a1c14d56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\871A.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 754ccec870955b142267ab51a1c14d56.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:560
  - - C:\Users\Admin\AppData\Local\Temp\A322.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\A322.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeA323.tmp"
      4⤵
      Executes dropped EXE
      PID:2308
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:468
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:240
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:860
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1812
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2568
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\871A.tmp\vir.bat

Filesize
1KB

MD5
ab08efd3d54f1fd21e3e844660de9ed0

SHA1
b3797700fa9913301652fe819b4a10b8b0677781

SHA256
7a566121a2cbba94d6b03710c714ca53db70b4f6af5d6e1129e886dc525ab3fc

SHA512
da8bb6812041c6ddae844ccb69339495e29edff227d1a0c7f105c00d1a9e002ede4d17808f86347b9a56b21a9bd2ed2b0ad2022e6e3f5234fc0657c92edf5462

Download Submit
C:\Users\Admin\AppData\Local\Temp\A322.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA323.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA323.tmp

Filesize
25KB

MD5
ead1230f6ecd6dc3a4ea23c80eda5e3b

SHA1
6c7189d6e48adb176d1f53f5fa0fa80aa6796973

SHA256
f98ebb51ca2fdbfcdf5e3dd43e0f8089fd6b8cb353576501c577942d761e66b2

SHA512
976aabf50a01f2ab8623d00fd5210c2e031428a5bd8dfe05aaa194589c94cb54facf4cb367ae2a9c823d84b504b507186c5c200d9cfa0130377678c3e5a4affe

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA323.tmp

Filesize
43KB

MD5
6abd0e17bcacbc308f0367d6b549cce1

SHA1
d7dac1f11cf181174914a98236218adcaa50427f

SHA256
08a3015e8d099fc8ce5ea566fa1e742dd357b596b636286e194acadd1dbf5578

SHA512
b72b39d64a087f851c954740d7be93f1c2b4892afcbbae3ae58d016eca69457a622e83e2997ef6073c3f11f4cde9b562413c54407bb48bdf04cca532d81ff24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
5eebc5137f7474ad3d1036a2fc92dd9b

SHA1
55adc9d05feae8b8866b4d3d9f47771b38c929ec

SHA256
0af0b0f54b7bf4e2bc934ff5122a4541df938d2c2865a9aca17d1e03f007d2da

SHA512
ae3709f5a675f318503de49045f4312169318b7e066ce1f0b78955235c2ecb62f242cdb4012527b2346be8c9a57056ebd13fcba810aeac6cf82f1b4464383483

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
bc70d6bbc682223d461c0c30d53d5f34

SHA1
2ecb020a1dfcacc3eba0aa6c3338af3e33b76bca

SHA256
5870cf3e8e260c6459e207deecc7b6628acb072657756e61c9841020a9b8b415

SHA512
4cca7d0f69090d4434e75390f14d546bb33e7301fa1cd0fe654545fbef25b19c7611c16fffb6301304c795c58a58d0e083ad2593ffa8cda4eb2800f1fe222baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
d4206f606768335ad1acd5c6d16661d2

SHA1
69dc05e1da9971b7315cc21a9261b4c3cc598411

SHA256
6b25ef700599278acb82b604d8c90fef2cda6373a12b7f6ac1fb18cd57b962cc

SHA512
79a0f95160a6db4c9bf2b7020afad2e20b10d3635ecb663d0af3c4b601bd240e6e0d870d0adb70c6bc666b466d079566261c17dd45403e16a81f6f7f407657b5

Download Submit
memory/560-95-0x0000000001CD0000-0x0000000001D04000-memory.dmp

Filesize
208KB

Download
memory/560-94-0x0000000001CD0000-0x0000000001D04000-memory.dmp

Filesize
208KB

Download
memory/1984-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1984-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2308-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2308-101-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads