4c763635476d0ac2add1904173e286ed115ec3157e9749eca5d8dbf148b1babd

Analysis

max time kernel
146s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf245e182f190ac1038b2211880624e1.exe
Size

209KB
MD5

bf245e182f190ac1038b2211880624e1
SHA1

9fe97778fee4d812ea661d3cb0c00552b56f83bb
SHA256

4c763635476d0ac2add1904173e286ed115ec3157e9749eca5d8dbf148b1babd
SHA512

4ca2efe4ebf39f31d4c4dd31f9dd435560d5cbdf9ca8fddf5ec3c9c71a93c712afd2a4bdaa5ac6d3ce5989fae543761296364aacf8691633a14ccaedbc7e3eb9
SSDEEP

6144:7l0n6au0M3RGRBvBi05Nb06mpCsUiXIculBK:Cn6au09RhB1jbr+pYcY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2620	u.dll
2692	u.dll
1620	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2848	cmd.exe
2848	cmd.exe
2848	cmd.exe
2848	cmd.exe
2692	u.dll
2692	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2848	2968	bf245e182f190ac1038b2211880624e1.exe	29
PID 2968 wrote to memory of 2848	2968	bf245e182f190ac1038b2211880624e1.exe	29
PID 2968 wrote to memory of 2848	2968	bf245e182f190ac1038b2211880624e1.exe	29
PID 2968 wrote to memory of 2848	2968	bf245e182f190ac1038b2211880624e1.exe	29
PID 2848 wrote to memory of 2620	2848	cmd.exe	30
PID 2848 wrote to memory of 2620	2848	cmd.exe	30
PID 2848 wrote to memory of 2620	2848	cmd.exe	30
PID 2848 wrote to memory of 2620	2848	cmd.exe	30
PID 2848 wrote to memory of 2692	2848	cmd.exe	31
PID 2848 wrote to memory of 2692	2848	cmd.exe	31
PID 2848 wrote to memory of 2692	2848	cmd.exe	31
PID 2848 wrote to memory of 2692	2848	cmd.exe	31
PID 2692 wrote to memory of 1620	2692	u.dll	32
PID 2692 wrote to memory of 1620	2692	u.dll	32
PID 2692 wrote to memory of 1620	2692	u.dll	32
PID 2692 wrote to memory of 1620	2692	u.dll	32
PID 2848 wrote to memory of 1604	2848	cmd.exe	33
PID 2848 wrote to memory of 1604	2848	cmd.exe	33
PID 2848 wrote to memory of 1604	2848	cmd.exe	33
PID 2848 wrote to memory of 1604	2848	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\bf245e182f190ac1038b2211880624e1.exe
"C:\Users\Admin\AppData\Local\Temp\bf245e182f190ac1038b2211880624e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\64AC.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save bf245e182f190ac1038b2211880624e1.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\73E8.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\73E8.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe73E9.tmp"
      4⤵
      Executes dropped EXE
      PID:1620
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\64AC.tmp\vir.bat

Filesize
1KB

MD5
0e127518351c92ce6592eab985a815b4

SHA1
8f9b834774809ead370d0fd00f3bf85f4382f853

SHA256
705a8a351c7cde5479bb5c10aa9504fd636879722c8dd196f8a0cc0762fa0486

SHA512
44ab09994bb512de0df05f93081ed3a994e628582ebadcb189fc3c5cb8b43323d0a24822314006e64ea0b9dc24db40f9057f7299134c7ef1463ddeeaaec58cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe73E9.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe73E9.tmp

Filesize
25KB

MD5
a7fb3de892773a55d1cb355013d339b4

SHA1
587065ba85e85685686d183d753142239570b537

SHA256
46768a61c8485cceff0b1ce8b9a4230fd7acda615c112b970592aa436f96f7f2

SHA512
8e7b3271a38e914d98138f258cae731d92cf01ff47abf15494998d5e87f761bf9fe09a0681ecb4878942f6b589f202d10d223f831c333e70e6a6be9d1c4d681a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe73E9.tmp

Filesize
41KB

MD5
fc71d91a19a6c7dc29f3aea780627213

SHA1
2b0f5477e07d585ea8471ec87becdc83045d8ec0

SHA256
60ad9ffd3f72533fdcc319dd7cf9213d38097f49f40d0f2001b373841fd00c33

SHA512
3ce7c6abdd8e38ac9c2e0d257fbb0b8c34d17f446250ca1b1d79e1cf49fa3fb710183c7deaa9ba8ada24eeef7f07b39437761877126e98945bbb3b125cd56eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
d0f82f8a4d49fa0724bb3c77e877c8c8

SHA1
64f4374bacad365c2fe64f7ad7ad80727a681d10

SHA256
868222539480c7e1b496b1911abca38d825182e8818d09a4317fcb00f2e81f04

SHA512
7d655370108729fc26ab31e475b00004198b1a98c708652889e7d7a66d6bb198fd291afa1729178dbb9048de3f4cea2ca291824bef9b210cbeff1aa62af7e171

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
4854c2cbeaa4f6c1509b3da856d1af89

SHA1
3f7c995290f8c5f4b8957efe6e2eb16ebcac3f6f

SHA256
80f1ff7204a778c7842e97b9c181fa3879c2113e0737ea051311605d2b9e7741

SHA512
abfddc224445f8953dba09ef96c4c18d9d3543d1daf23793daa5cbab9b9357c9aac2d26af973b95df5fc55df9ade59d39ce44c6d19561628e450ea4dd23543f6

Download Submit
\Users\Admin\AppData\Local\Temp\73E8.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
418KB

MD5
085ae9032c9c29ca3da9a3e663da8e84

SHA1
4ce9d878763afc492fbb536646c328188dfde646

SHA256
af0e90b7a1dddd48fc9725d29dbb0b7d8166f7045ae6945a0d94dcb1027e2a9c

SHA512
fcfd69d5535a52ad060f1a43a343e025d0c02aaf36bd2601164d96a3cca128a5e4aaf5ed8b318438e50c65868a8b2bef0e12e6fd518ecc0af9f98d03583a9f8b

Download Submit
memory/1620-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2692-89-0x0000000001DF0000-0x0000000001E24000-memory.dmp

Filesize
208KB

Download
memory/2968-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2968-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads