a29d2dc520f67e31d47f32a845d131075745d4102890823a0219bcedeea2ad24

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd450c162997a1c03c811800b867a5b3.exe
Size

209KB
MD5

bd450c162997a1c03c811800b867a5b3
SHA1

1c98e17b3d14ae8e22e73626514c6472359d9a0d
SHA256

a29d2dc520f67e31d47f32a845d131075745d4102890823a0219bcedeea2ad24
SHA512

0b2d04439b00afcd57c5dbcf81684f72b9445d941ade36a13d53d7f4a1ca27a2ef4108460ada1235a996e8af75d88d90c0debe1027b1ee6979bfdebb3175598b
SSDEEP

6144:Ol7uqX6NZCYynsibCEjAeAVJkLXHeymF/MhifkzaBV:aYysimNebqbF/rdBV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2616	u.dll
2608	mpress.exe
2396	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2068	cmd.exe
2068	cmd.exe
2616	u.dll
2616	u.dll
2068	cmd.exe
2068	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2068	2176	bd450c162997a1c03c811800b867a5b3.exe	29
PID 2176 wrote to memory of 2068	2176	bd450c162997a1c03c811800b867a5b3.exe	29
PID 2176 wrote to memory of 2068	2176	bd450c162997a1c03c811800b867a5b3.exe	29
PID 2176 wrote to memory of 2068	2176	bd450c162997a1c03c811800b867a5b3.exe	29
PID 2068 wrote to memory of 2616	2068	cmd.exe	30
PID 2068 wrote to memory of 2616	2068	cmd.exe	30
PID 2068 wrote to memory of 2616	2068	cmd.exe	30
PID 2068 wrote to memory of 2616	2068	cmd.exe	30
PID 2616 wrote to memory of 2608	2616	u.dll	31
PID 2616 wrote to memory of 2608	2616	u.dll	31
PID 2616 wrote to memory of 2608	2616	u.dll	31
PID 2616 wrote to memory of 2608	2616	u.dll	31
PID 2068 wrote to memory of 2396	2068	cmd.exe	32
PID 2068 wrote to memory of 2396	2068	cmd.exe	32
PID 2068 wrote to memory of 2396	2068	cmd.exe	32
PID 2068 wrote to memory of 2396	2068	cmd.exe	32
PID 2068 wrote to memory of 2712	2068	cmd.exe	33
PID 2068 wrote to memory of 2712	2068	cmd.exe	33
PID 2068 wrote to memory of 2712	2068	cmd.exe	33
PID 2068 wrote to memory of 2712	2068	cmd.exe	33
PID 2068 wrote to memory of 1824	2068	cmd.exe	34
PID 2068 wrote to memory of 1824	2068	cmd.exe	34
PID 2068 wrote to memory of 1824	2068	cmd.exe	34
PID 2068 wrote to memory of 1824	2068	cmd.exe	34
PID 2068 wrote to memory of 1028	2068	cmd.exe	35
PID 2068 wrote to memory of 1028	2068	cmd.exe	35
PID 2068 wrote to memory of 1028	2068	cmd.exe	35
PID 2068 wrote to memory of 1028	2068	cmd.exe	35
PID 2068 wrote to memory of 748	2068	cmd.exe	36
PID 2068 wrote to memory of 748	2068	cmd.exe	36
PID 2068 wrote to memory of 748	2068	cmd.exe	36
PID 2068 wrote to memory of 748	2068	cmd.exe	36
PID 2068 wrote to memory of 1992	2068	cmd.exe	37
PID 2068 wrote to memory of 1992	2068	cmd.exe	37
PID 2068 wrote to memory of 1992	2068	cmd.exe	37
PID 2068 wrote to memory of 1992	2068	cmd.exe	37
PID 2068 wrote to memory of 2348	2068	cmd.exe	38
PID 2068 wrote to memory of 2348	2068	cmd.exe	38
PID 2068 wrote to memory of 2348	2068	cmd.exe	38
PID 2068 wrote to memory of 2348	2068	cmd.exe	38
PID 2068 wrote to memory of 688	2068	cmd.exe	39
PID 2068 wrote to memory of 688	2068	cmd.exe	39
PID 2068 wrote to memory of 688	2068	cmd.exe	39
PID 2068 wrote to memory of 688	2068	cmd.exe	39
PID 2068 wrote to memory of 488	2068	cmd.exe	40
PID 2068 wrote to memory of 488	2068	cmd.exe	40
PID 2068 wrote to memory of 488	2068	cmd.exe	40
PID 2068 wrote to memory of 488	2068	cmd.exe	40
PID 2068 wrote to memory of 364	2068	cmd.exe	41
PID 2068 wrote to memory of 364	2068	cmd.exe	41
PID 2068 wrote to memory of 364	2068	cmd.exe	41
PID 2068 wrote to memory of 364	2068	cmd.exe	41
PID 2068 wrote to memory of 2028	2068	cmd.exe	42
PID 2068 wrote to memory of 2028	2068	cmd.exe	42
PID 2068 wrote to memory of 2028	2068	cmd.exe	42
PID 2068 wrote to memory of 2028	2068	cmd.exe	42
PID 2068 wrote to memory of 2172	2068	cmd.exe	43
PID 2068 wrote to memory of 2172	2068	cmd.exe	43
PID 2068 wrote to memory of 2172	2068	cmd.exe	43
PID 2068 wrote to memory of 2172	2068	cmd.exe	43
PID 2068 wrote to memory of 2140	2068	cmd.exe	44
PID 2068 wrote to memory of 2140	2068	cmd.exe	44
PID 2068 wrote to memory of 2140	2068	cmd.exe	44
PID 2068 wrote to memory of 2140	2068	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\bd450c162997a1c03c811800b867a5b3.exe
"C:\Users\Admin\AppData\Local\Temp\bd450c162997a1c03c811800b867a5b3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7CFD.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save bd450c162997a1c03c811800b867a5b3.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\7EE0.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7EE0.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe7EE1.tmp"
      4⤵
      Executes dropped EXE
      PID:2608
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:748
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:364
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:788
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:808
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    ose00000.exe
    3⤵
    PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7CFD.tmp\vir.bat

Filesize
1KB

MD5
cbec51d44aa9491b9e3c5cfa26304d24

SHA1
6ee521db016571c54f835dd62a408ff684b3b1d7

SHA256
8dca9dd0676bd537db01ae27accbdf5e60136055b01a926ee58eb68b2f861d2d

SHA512
dd1ea2c3f5adcf7e5766a3a9ef12a3aba3031dd5b6e11c0f8cb5dd3d59e3247809ce113b3e5381fd66e3302960028d69d32c3db31cbb2710eb93949c2d286ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7EE1.tmp

Filesize
41KB

MD5
21ad9b883cb5428eb7a8312dc2468537

SHA1
3e1e5c560a68d92786ed348752be55982c51a405

SHA256
84c821ba37101822b7b832fef732c9f6435c3fc039c3bc6d703c0c0ffc007b6d

SHA512
842ec74ffd31c02ad65f9a9ae2d3ffa0c6a9392bfb25d4e1fc45166abee90ba709ebfcfe14ee722221679d7a88d8438a7635e17a9b9be9f7803988b1d4a40cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7EE1.tmp

Filesize
741KB

MD5
e7b6f7a4a1a3ddbfdf44806ebe6558f8

SHA1
4bb3e6090c9f62f3c9433fdf4ce6fcf2c12ad621

SHA256
4e303bc747448496ec07aaddc486dddd42a35f96737d689657e1db4c1a6102b0

SHA512
8eaf215cde6f0c6e67e4ec17fa307c6539a91cd70dd46179359e0f2bd81d2428ef07215e811c3ce99e80014bd6368b5523d3049f0e85ab19780ad36e28d9e9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7EE1.tmp

Filesize
207KB

MD5
e5bc9d20b3957a943180388a295c7947

SHA1
e2fe5af14b9895bdd5b25f682ac30b06b74b6689

SHA256
5bba5074ee32ca9a5a5c4f6de3f97882a6c914f2bb78006fe1328bafff98e699

SHA512
ff2ef18b07c2532525ac5cc6010a6b4d4cfb33a47aaf52413cf26c1ae622562991f546690708f6e1a2602f8e5a73781c592c3621930ec30761499b359a79a1b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe7EE1.tmp

Filesize
741KB

MD5
a46cc81a44dab23eda28f1563440dec4

SHA1
557e5661b3c3669a65713bed06bb3bd274532470

SHA256
5de7ce78d21c8ff2531b05b0e8a8280b618b035ed4432f41bba642e814a637de

SHA512
7510406c40738f84c461cf37babfd22a64b3caa4d1ec81040cff632510d4e76541d861aacbb585ceff4b93a2fdff416142e2c5182c7b611e7e028aba0b72f81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe82B8.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
5eebc5137f7474ad3d1036a2fc92dd9b

SHA1
55adc9d05feae8b8866b4d3d9f47771b38c929ec

SHA256
0af0b0f54b7bf4e2bc934ff5122a4541df938d2c2865a9aca17d1e03f007d2da

SHA512
ae3709f5a675f318503de49045f4312169318b7e066ce1f0b78955235c2ecb62f242cdb4012527b2346be8c9a57056ebd13fcba810aeac6cf82f1b4464383483

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
cfe87ba4452f765c25437045a212dbc5

SHA1
7872cca2294ea280ae3e58a9ef99db0a49e6cd5f

SHA256
61e6303fb7843c9222702d8df3bc91207a8e67459445fbac891984a980a6788f

SHA512
701ba9ee052733b0d3c39e30a250117a28f8e69516df47dd2c011bf505dacd5d09e67673b1bef88f2dad2a16388cbb2f1f812fc3e22992d5c377f88c9097af54

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
b55b32221c210dbbca4ebfe5673ac8f2

SHA1
da6bd75ee3a09d56c748fd20ec517cbdfe290a37

SHA256
098380a20f64f79c83a2d0f78e74a7cb308496038da1172d18866226dee1a0de

SHA512
defa43a5f60b925a2f1a003bcc3b1d51282ec49ad6925af285078872be9f193f4bf2b01041ecc775bd1a8168f159c309d8c38f4f42dbc69300c421023a231c88

Download Submit
\Users\Admin\AppData\Local\Temp\7EE0.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2176-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2176-110-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2608-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-65-0x0000000000720000-0x0000000000754000-memory.dmp

Filesize
208KB

Download
memory/2616-60-0x0000000000720000-0x0000000000754000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads