5f415b3445bef9ac993830e75782d294c4e2703d81a9dd50a74d6703c638774d

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96d5b20e06aa79d275486d9e0b672e3b.exe
Size

209KB
MD5

96d5b20e06aa79d275486d9e0b672e3b
SHA1

49b95dec7c16df56a5a00e201f462f2c05c014e7
SHA256

5f415b3445bef9ac993830e75782d294c4e2703d81a9dd50a74d6703c638774d
SHA512

4e0a148819494114ca24f8411509273ead702fcc5ca6a7b8a1d213caf22dd77e2ca4771dbc581b5d405b92135abdb04664c0f6207f5381acd412422ce66c536d
SSDEEP

3072:/lV+n6au3tJn/bmeEJL/TpTv6dEuGxs5fcQG3Tg21i7JgkGwcXiLZQl5AAX9:/l0n6auL/SeEJ/pT0gs5K2743iFg/9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2676	u.dll
2604	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2904	cmd.exe
2904	cmd.exe
2904	cmd.exe
2904	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2904	1636	96d5b20e06aa79d275486d9e0b672e3b.exe	29
PID 1636 wrote to memory of 2904	1636	96d5b20e06aa79d275486d9e0b672e3b.exe	29
PID 1636 wrote to memory of 2904	1636	96d5b20e06aa79d275486d9e0b672e3b.exe	29
PID 1636 wrote to memory of 2904	1636	96d5b20e06aa79d275486d9e0b672e3b.exe	29
PID 2904 wrote to memory of 2676	2904	cmd.exe	30
PID 2904 wrote to memory of 2676	2904	cmd.exe	30
PID 2904 wrote to memory of 2676	2904	cmd.exe	30
PID 2904 wrote to memory of 2676	2904	cmd.exe	30
PID 2904 wrote to memory of 2604	2904	cmd.exe	31
PID 2904 wrote to memory of 2604	2904	cmd.exe	31
PID 2904 wrote to memory of 2604	2904	cmd.exe	31
PID 2904 wrote to memory of 2604	2904	cmd.exe	31
PID 2904 wrote to memory of 2640	2904	cmd.exe	32
PID 2904 wrote to memory of 2640	2904	cmd.exe	32
PID 2904 wrote to memory of 2640	2904	cmd.exe	32
PID 2904 wrote to memory of 2640	2904	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\96d5b20e06aa79d275486d9e0b672e3b.exe
"C:\Users\Admin\AppData\Local\Temp\96d5b20e06aa79d275486d9e0b672e3b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\390A.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 96d5b20e06aa79d275486d9e0b672e3b.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2604
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\390A.tmp\vir.bat

Filesize
1KB

MD5
4ada3a816fcaae74f87d784bb8bdc4fa

SHA1
8f73c7145477bfa9934d3d4c8292d25703b14572

SHA256
4bc9c9627ad271e9d022eb51816527aca778a0e028b9500974aa6f79358a3687

SHA512
052a33ceccc14928e280c05de616a9fbcdeec8a720c7817ed3592293495c138ba7dcbab3568158ff134e1d355157730f53e301639b564e0c382ff7558df8a66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
529d4cc0a7b79fe2209e27b4d686d9b8

SHA1
bb69d3a0dbf603777c1476ce52e4f7ea211043c9

SHA256
03fba07be41801cd8216fe9a5fdc80bfffc3133a112a64c1739ff2ae4b340a99

SHA512
4975f42720e8d7a307737395228712131a288599c78421e3ed595f3c20548359730c8b3be0f39e1110bb5caa9630026f72a2c7fc1389ec99bed865f5946f9388

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e6d198a2e255f0a8298e91f1e070fff9

SHA1
3d885ca662efba09c3690f7f07cd3082950ce307

SHA256
c7b199cce4efa40886d1dc5628ebb2998aba27e9b265655e562c1e9e57d41a22

SHA512
a5d87af9cd97156f07aaaece0b363e0de6c25f6692dbc4fe3e3d9cb9f5fb859a61de8c486890fe5c4d2ff8e1d0134a2581e0469e64f0c0ec4a380d38a60faa86

Download Submit
memory/1636-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1636-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads