582f2a226b1fb468fb66550af0460714fa5726a90166f3e6b7b781959116972c

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 07:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe
Size

208KB
MD5

96a9c3e3e95a7fdc6fba9c5c4b2836a0
SHA1

e489dc3db4bc0b45dca2572a5abc5703dac63e1f
SHA256

582f2a226b1fb468fb66550af0460714fa5726a90166f3e6b7b781959116972c
SHA512

4eb5ba9fa54f447f070f29c23fac5dd65d678a0b2d40ad316611ac99c7eec75c4a3932e2b1a9411ba8942fdbbad1f65a0f5a7e0fa27db21b28ce63e9633a4820
SSDEEP

6144:Pl0n6auM8x0lje5O/oTiuZ72RDUa8Xr5er1npPdEtc1:un6auM20lKt/6FSeT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2884	u.dll
2640	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2304	cmd.exe
2304	cmd.exe
2304	cmd.exe
2304	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2304	2428	96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe	29
PID 2428 wrote to memory of 2304	2428	96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe	29
PID 2428 wrote to memory of 2304	2428	96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe	29
PID 2428 wrote to memory of 2304	2428	96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe	29
PID 2304 wrote to memory of 2884	2304	cmd.exe	30
PID 2304 wrote to memory of 2884	2304	cmd.exe	30
PID 2304 wrote to memory of 2884	2304	cmd.exe	30
PID 2304 wrote to memory of 2884	2304	cmd.exe	30
PID 2304 wrote to memory of 2640	2304	cmd.exe	31
PID 2304 wrote to memory of 2640	2304	cmd.exe	31
PID 2304 wrote to memory of 2640	2304	cmd.exe	31
PID 2304 wrote to memory of 2640	2304	cmd.exe	31
PID 2304 wrote to memory of 2136	2304	cmd.exe	32
PID 2304 wrote to memory of 2136	2304	cmd.exe	32
PID 2304 wrote to memory of 2136	2304	cmd.exe	32
PID 2304 wrote to memory of 2136	2304	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe
"C:\Users\Admin\AppData\Local\Temp\96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\497E.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 96a9c3e3e95a7fdc6fba9c5c4b2836a0.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2640
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\497E.tmp\vir.bat

Filesize
1KB

MD5
acb0f9d49fe4c9a4e31b351179ef11ef

SHA1
2c3d264fb40878f16863daf1d6a517b954d37224

SHA256
f11244ab5e68dfaef0b2b8eec70045afcd5655a001bcd7ba4aec6d3ed58cd47a

SHA512
f2c41f605516111411f463a6d539adb4a081e97626d2e95d135b6474abf61f12d4b8116c89961c265cea9e387fa28ddc2d3db653ac24d980cfba57019cebccdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
9074e83f40cc5b2b8d186830af80c7c8

SHA1
954eab21a0bd050043fdefe0085fd8a32d78e9c9

SHA256
ddf7b28df260eac406943760db8c3e84049fec7aeaf35bac70aa95ed5645a7e9

SHA512
0399c695e0da04606243b14302673dd1b3e60f20806bd9681dfdf5638eb1761af97d5b3f6434178cb853436ad9d51d0d2938595f9b51114ccba8dfe1aea0290d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
376622a1501cf5a54ff220d98e550699

SHA1
1852132951a5c5d91abcfee255ef621f3cf7460c

SHA256
cd3902a9f89b7b87f491fa256e9cc642f7a0d1ce176276a422c79e6a31a45256

SHA512
0d2f7db2c407a4cb7c5e2c2d6b80c7cd1a167900cf18b79c97cca65ae0409a2efc8388424f10c1d655b63f7f7c1ca15fa8ff8a1d76a8820bc041c01f3ed67479

Download Submit
memory/2428-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2428-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads