038f45efae2488a4433ba20dfc121b82faf4f268f79ac2ba044eab87770397ee

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3eb45e0dd9ef12e964161c530c8fe75.exe
Size

209KB
MD5

b3eb45e0dd9ef12e964161c530c8fe75
SHA1

ec61469fc74775b8c8c07d22058c00d48ffc0c49
SHA256

038f45efae2488a4433ba20dfc121b82faf4f268f79ac2ba044eab87770397ee
SHA512

a321fa74547b05c323a128257e5fc6fde6c285f43af6b3ce1e76c7337df3900e989dd14303d6537498b3d9a17ff44c2e2820a89bf8800f637ba8f43786a41117
SSDEEP

6144:blH4yqGR3JDeO3/Z4Pev5LnmcvzUlkk+ha5:5FqE5Dt/dtLUln+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2488	u.dll
2068	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2896	cmd.exe
2896	cmd.exe
2896	cmd.exe
2896	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2896	2232	b3eb45e0dd9ef12e964161c530c8fe75.exe	29
PID 2232 wrote to memory of 2896	2232	b3eb45e0dd9ef12e964161c530c8fe75.exe	29
PID 2232 wrote to memory of 2896	2232	b3eb45e0dd9ef12e964161c530c8fe75.exe	29
PID 2232 wrote to memory of 2896	2232	b3eb45e0dd9ef12e964161c530c8fe75.exe	29
PID 2896 wrote to memory of 2488	2896	cmd.exe	30
PID 2896 wrote to memory of 2488	2896	cmd.exe	30
PID 2896 wrote to memory of 2488	2896	cmd.exe	30
PID 2896 wrote to memory of 2488	2896	cmd.exe	30
PID 2896 wrote to memory of 2068	2896	cmd.exe	31
PID 2896 wrote to memory of 2068	2896	cmd.exe	31
PID 2896 wrote to memory of 2068	2896	cmd.exe	31
PID 2896 wrote to memory of 2068	2896	cmd.exe	31
PID 2896 wrote to memory of 2432	2896	cmd.exe	32
PID 2896 wrote to memory of 2432	2896	cmd.exe	32
PID 2896 wrote to memory of 2432	2896	cmd.exe	32
PID 2896 wrote to memory of 2432	2896	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\b3eb45e0dd9ef12e964161c530c8fe75.exe
"C:\Users\Admin\AppData\Local\Temp\b3eb45e0dd9ef12e964161c530c8fe75.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\87C6.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save b3eb45e0dd9ef12e964161c530c8fe75.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2068
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87C6.tmp\vir.bat

Filesize
1KB

MD5
f65e7071c3ebdbd3db5cf5f028ed3b77

SHA1
d88707d1f6cd51a79368cc91dc0f7929c5f80f1d

SHA256
b0f53894adcf5f4fcb1e7ca37d35a5c7d140fd7e6a20d66daf31a30264ec37bf

SHA512
345048abe484a037d1aa4fe45c044b3cef7877d1721077f102e0ea4757050c37e5b37b150e50d98ab1f7882490e4ff0ed5bd12850057454b35eeeed2734b95b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
3c607da5e6f0242356c4c36e88fe1f74

SHA1
970ae782184c3e16f60142f0fbb9949ee5de6f25

SHA256
33a403471bbd02a2eba00cdff345fe614a6f4ed7258c4836419310fe2bb107f2

SHA512
ef594b1d430dc40289b58b9a2a41e1454dcd0655357eac15560d8941fc01ba15f89f1d37f2f1915c5629e9d4e06201fc96725a3ffc22ce595d36c4e78f0d8b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
cb8a0a0a9e06a95d19d887d50a1850e0

SHA1
c3e8cee9f1bcda28d6dfeaf2d16a45c7205c67be

SHA256
c09ff6599baa603db178c3befcb3087676b2cf3933286b058d377dbb3108c005

SHA512
4cbec5069743bdc838bcf772f08ab0b484b86fbfd0f16871d3d0d00bbf76e03d16fcadc8981f4a289b940b9cbab92425083f8b27adea68aecc65978ae6de05dc

Download Submit
memory/2232-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2232-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads