fb13dc0c1467526c6f879daaa749486cd34c72b47ef51e1a5f3fb933cc590d8f

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae19e72a31d6b45a52fa1fbd9ad2249b.exe
Size

208KB
MD5

ae19e72a31d6b45a52fa1fbd9ad2249b
SHA1

8489cd383869548b599830e55f51dfbd4d143ebb
SHA256

fb13dc0c1467526c6f879daaa749486cd34c72b47ef51e1a5f3fb933cc590d8f
SHA512

da19624a884dd4d3440be0cdfd2d9fd6112808781f3f8ce050eb8d71285c90f1b22e046de97993bf8a2f015df550d09982855c540ffb17cd86d0f2e513ef2d17
SSDEEP

6144:KlGRgXm15iTEV0cSd/WBpnCOD5yBHRBvMhQ6KDx8:7v1Ec/CAQHPvMh2Dx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1128	u.dll
2456	mpress.exe
2968	u.dll
2488	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2332	cmd.exe
2332	cmd.exe
1128	u.dll
1128	u.dll
2332	cmd.exe
2332	cmd.exe
2968	u.dll
2968	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2332	3048	ae19e72a31d6b45a52fa1fbd9ad2249b.exe	29
PID 3048 wrote to memory of 2332	3048	ae19e72a31d6b45a52fa1fbd9ad2249b.exe	29
PID 3048 wrote to memory of 2332	3048	ae19e72a31d6b45a52fa1fbd9ad2249b.exe	29
PID 3048 wrote to memory of 2332	3048	ae19e72a31d6b45a52fa1fbd9ad2249b.exe	29
PID 2332 wrote to memory of 1128	2332	cmd.exe	30
PID 2332 wrote to memory of 1128	2332	cmd.exe	30
PID 2332 wrote to memory of 1128	2332	cmd.exe	30
PID 2332 wrote to memory of 1128	2332	cmd.exe	30
PID 1128 wrote to memory of 2456	1128	u.dll	31
PID 1128 wrote to memory of 2456	1128	u.dll	31
PID 1128 wrote to memory of 2456	1128	u.dll	31
PID 1128 wrote to memory of 2456	1128	u.dll	31
PID 2332 wrote to memory of 2968	2332	cmd.exe	32
PID 2332 wrote to memory of 2968	2332	cmd.exe	32
PID 2332 wrote to memory of 2968	2332	cmd.exe	32
PID 2332 wrote to memory of 2968	2332	cmd.exe	32
PID 2968 wrote to memory of 2488	2968	u.dll	33
PID 2968 wrote to memory of 2488	2968	u.dll	33
PID 2968 wrote to memory of 2488	2968	u.dll	33
PID 2968 wrote to memory of 2488	2968	u.dll	33
PID 2332 wrote to memory of 2028	2332	cmd.exe	34
PID 2332 wrote to memory of 2028	2332	cmd.exe	34
PID 2332 wrote to memory of 2028	2332	cmd.exe	34
PID 2332 wrote to memory of 2028	2332	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\ae19e72a31d6b45a52fa1fbd9ad2249b.exe
"C:\Users\Admin\AppData\Local\Temp\ae19e72a31d6b45a52fa1fbd9ad2249b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1E2B.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ae19e72a31d6b45a52fa1fbd9ad2249b.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\1F53.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\1F53.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe1F54.tmp"
      4⤵
      Executes dropped EXE
      PID:2456
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\20CA.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\20CA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe20CB.tmp"
      4⤵
      Executes dropped EXE
      PID:2488
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1E2B.tmp\vir.bat

Filesize
1KB

MD5
6d7257cc6c671aac5b0c722ce9eb97f9

SHA1
cbb624fd3143e6bcf670423ed5204fff2723c3e3

SHA256
ea6bc5b89778e1efb69d029c3ff27154db2571da14f253015140dae245c3783a

SHA512
8937707efc801378e7fe0549fbf79925dfc8f32dd25827a27f0523da1af9405f986712af6cbe737fce7caa22a4ac36edf3ec3352bf3698dfd863f783ee8d8732

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1F54.tmp

Filesize
41KB

MD5
4d1c4e637e66e3aee050194ee149b1ae

SHA1
542aab9bf825e8cbb8afc946b8fe555ea402a413

SHA256
ba3591ba0a42bd2556af093af3beb685383b239570a459d00ad9ff0747851e25

SHA512
801010a3a79285d26a7ecd84928b7e24de7adab6ad67d2d2ebc81a5639a6b9ea9f0f5cb087e1dfbda5a9cfa031bc2f1798f18d688a7cfc600cb9cde670862011

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1F54.tmp

Filesize
41KB

MD5
1bac1e68caa8b23d9184cccea5a53ea0

SHA1
fb5975bd115ce664edb0dbffc40b31658db27ecb

SHA256
0cc9c7bc2b253b169ea4d05eed4b83ec4eb9cd5b7c7cdcdd24b3d0807e818c53

SHA512
40cbdef12fe81b6328a080b6f2d92bb65f02062783449bbd0c9646da1b304465c2243835d93c6add8832d1572d4ae69dac4773fa6b29b9af7cacccaebeb08288

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe1F54.tmp

Filesize
25KB

MD5
d19ab94a86e4c992930d7f585339e982

SHA1
aaa1aff3c3df7d9c34953572a907fd72353f66b9

SHA256
c719871d8ed6ea83bcac40347bd01e141f79a05f67893027fa96d3c874662c1f

SHA512
a859740f28a70bd2ec4ddd551571cfcc2f5f59db9236b9a716b0f236502b794d2e0c8e9e5bb592769147bf08117ae1759ec19f4deaef9a42a6635530bc89edc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe20CB.tmp

Filesize
43KB

MD5
c84ee710c097a3314958f29e788e0242

SHA1
0422310431ccc7d83e8d17106ec4367dfe4f3d0b

SHA256
1888a0d03273459a8c907eb1960af1f4aa5c610eaa6c79bed389909249d3aedb

SHA512
28183186acae8cf7be33a9eb425316f7f962959dd24bfb4da6cabe8dcbe679db24657e11fe5555027bf5643e6c27daba9d37dea6173a9c00d2668c4a2acacd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe20CB.tmp

Filesize
743KB

MD5
8e8135b3d667ae45c7583486b52791f0

SHA1
847c0355389fc33786587f3cd2ea6aa74ae72c14

SHA256
7ad6050aa2d8048adec6ba23adaa6adb95b1be45da549da441a09c46fe698130

SHA512
95516464d40bb05b7f4854f391ba0eb08a3c9c4f877615951e2d2dc9303356e10201b5ff438263b2fe8e932fdc8716cabdf5e5fe47d9320011c1051db47ba6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe20CB.tmp

Filesize
208KB

MD5
6dfd8b5e1941f25c28fb425a85545a2d

SHA1
764127b6ac09450c36169bc61cfdb6d2666c8cb2

SHA256
fc1441da85c2fe0e717323cb9969018764e93b7b6e4244f2f3a08bf1f6faba2b

SHA512
0e4ba0f657578a1516d33c60aeed7d4d0fcc034079542ff043d0dceb4a3ae9a5a732d0616f7923e403bba67f3f3798dba8d318ea0a0365586cf374284b5b5405

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe20CB.tmp

Filesize
743KB

MD5
b97f9598f19e7f24fde5d0591c781a87

SHA1
c5fe883cd23b21d76f770e80196f54d25f9b50c7

SHA256
5000cf631c05128d26ed5fa382d67645378251e011dc7b304623fcfa5e82afb9

SHA512
6784a111ecc22c58aae11b104dc6a1cefe36a5594e7eb3ccef127b9776aa068416c604fd2ecf1cf0e811f66fa7fef44e5a761d3f9f2fd4d918bcacbcfc7b0ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e52e1dacca253a95205caebdf9ba61be

SHA1
89b934078b0ebb6045bcc17eee3395fc3af688ca

SHA256
bc6123009aa8bb34968892ccdd73ef4470aea0651056a9c81e10c60185b81621

SHA512
98cc05f9a24eb88d6c3be905c7870db5bc4d2b36c7a62abde8b2a4e3f2066bd715173c5b17d7066b8db049d6adba0a0b7a2214d3eb54a89ce5e1e97f6afcd4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
13865073dc27bba1610811eaf5e95e09

SHA1
5be3b32ddaf8f014a024b4faa05d43e53a2b583c

SHA256
f71a41da5b824df7baeeed2d16886b6532569dad73fb97d0a07517d1bdb85587

SHA512
71feeca521f91e2618af011c40d167fbe81caf86cb351e2c51748a985670adfc47398969ab497ce5cf0b446217830d725a685788b3c2ecce149ce2a5196e7ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
144473a96b3549ec9b070c6d30ecc912

SHA1
cb35111705e02c9bf27df9050793f7bf07c63a72

SHA256
7751f4980dbbc29bad2b03ea7452278c6e8e305e66bc2e0c7a717770d3650fcc

SHA512
3e1800c3ea5d4c6607409452a88c477c4b962503a5ab85de52624416b7073cb6135fcd97fa04fe63662c2da64d30011b9ad04814ae50b39e0ece582ddd94431f

Download Submit
\Users\Admin\AppData\Local\Temp\1F53.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1128-69-0x0000000001DD0000-0x0000000001E04000-memory.dmp

Filesize
208KB

Download
memory/1128-67-0x0000000001DD0000-0x0000000001E04000-memory.dmp

Filesize
208KB

Download
memory/2456-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2456-70-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2488-143-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2488-147-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2968-138-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2968-141-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/3048-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3048-158-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads