53ff05aced3d23957ff7ed482000ff3849cd806bb9819cb378fbbaa82f0871be

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 16:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c106be2887b955a3ab2a565b6a1f8aa1.exe
Size

208KB
MD5

c106be2887b955a3ab2a565b6a1f8aa1
SHA1

e3a8e2e8c4c8f97d7c44157584b9f2fa296b45eb
SHA256

53ff05aced3d23957ff7ed482000ff3849cd806bb9819cb378fbbaa82f0871be
SHA512

5c3737be879d2cf10c50dfc9af10b904898476e4619d0f45689029a0285849179fa4c9bbc8593a6ba9e20201adcebf3a91b017f57ac96c4245af46a68fa3ecda
SSDEEP

6144:ml4mjZF//FfhQOvrvkEfmNE4Gavvxx+GYsAdR7sXb+4:ur//Dvkh1hvGR7sX64

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2636	u.dll
2644	u.dll
2016	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
3040	cmd.exe
3040	cmd.exe
3040	cmd.exe
3040	cmd.exe
2644	u.dll
2644	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3040	1280	c106be2887b955a3ab2a565b6a1f8aa1.exe	29
PID 1280 wrote to memory of 3040	1280	c106be2887b955a3ab2a565b6a1f8aa1.exe	29
PID 1280 wrote to memory of 3040	1280	c106be2887b955a3ab2a565b6a1f8aa1.exe	29
PID 1280 wrote to memory of 3040	1280	c106be2887b955a3ab2a565b6a1f8aa1.exe	29
PID 3040 wrote to memory of 2636	3040	cmd.exe	30
PID 3040 wrote to memory of 2636	3040	cmd.exe	30
PID 3040 wrote to memory of 2636	3040	cmd.exe	30
PID 3040 wrote to memory of 2636	3040	cmd.exe	30
PID 3040 wrote to memory of 2644	3040	cmd.exe	31
PID 3040 wrote to memory of 2644	3040	cmd.exe	31
PID 3040 wrote to memory of 2644	3040	cmd.exe	31
PID 3040 wrote to memory of 2644	3040	cmd.exe	31
PID 2644 wrote to memory of 2016	2644	u.dll	32
PID 2644 wrote to memory of 2016	2644	u.dll	32
PID 2644 wrote to memory of 2016	2644	u.dll	32
PID 2644 wrote to memory of 2016	2644	u.dll	32
PID 3040 wrote to memory of 2648	3040	cmd.exe	33
PID 3040 wrote to memory of 2648	3040	cmd.exe	33
PID 3040 wrote to memory of 2648	3040	cmd.exe	33
PID 3040 wrote to memory of 2648	3040	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\c106be2887b955a3ab2a565b6a1f8aa1.exe
"C:\Users\Admin\AppData\Local\Temp\c106be2887b955a3ab2a565b6a1f8aa1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\6577.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save c106be2887b955a3ab2a565b6a1f8aa1.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\80D3.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\80D3.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe80D4.tmp"
      4⤵
      Executes dropped EXE
      PID:2016
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6577.tmp\vir.bat

Filesize
1KB

MD5
053bcbe199bcda90f899710afd295b73

SHA1
532f25a250c01c4ce6e01d4cc83135ee87897ff0

SHA256
99eef0d2c41a482543958f87c2a1471994209110e1aba1b8b5f11bd2ec68ae5d

SHA512
d5acee44fa8e7fb30fea697790fc51014fdb0d5c534dc783a3c750fac99f8c5f40be0ebcc28533f6bf1fff26793cb54757a373f1b51cf3a410b56e30ea32c445

Download Submit
C:\Users\Admin\AppData\Local\Temp\80D3.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe80D4.tmp

Filesize
41KB

MD5
9cdcf02f847ddde1f3b62c676c5cc737

SHA1
1e28bc7716cb6adb55b1b397dbabbe31adba3cf2

SHA256
d7726cc05bcd788912a23fc85f233775da28cb0d4d2920c2be66e5cc69e2b7ae

SHA512
438303dceafa36ac40271d6b7759248357109cc479a53dd4eb472ab35d51f333f629be2da54fc113bcdcf2bb4bdf4201b5075351842d20d7e818c80a31b88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe80D4.tmp

Filesize
24KB

MD5
eb5c17e4c5dea19267f445fef0699c13

SHA1
e651b2abf62d10687c704b49416ad91d5fcaeb87

SHA256
f53b5c0c5d0b67cdcaf2139d550b035de003d94a86a80a9d77bb70100e3e7e0c

SHA512
505ac3d12c48234ed1fd72fa3bc75f27cda923dc89666552ac1de8f17e51d8473c315ba7ec682fd703e17cbe81bb3d7d04485839d0a0481c96a4db1fd07eebf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe80D4.tmp

Filesize
41KB

MD5
9f3c888dc0e59c4e7c309dc01b189a11

SHA1
4ca0128bafb094f389d3c6eb806a5f2e13e1ea42

SHA256
6354ef941e5047eb0abdb509bc47b2d10030bf0b1b722cc99b44274b22701e36

SHA512
44486f8a61310a636b3a0eccbc31c66e106a4bc8f8342526c2e02a45ec5ef130ea4420d7bc8c09fcd5372b451aad9a8af5eb23a9b47c9d19c14e58e14b98de64

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
ac3e2f16df5b8e004bc7528957957c95

SHA1
318dfb96abdc8e9d3778788dfdbb1f3dba885fba

SHA256
c53ac431faed8f5ab7c67b254f913efe0dceaafdbf26b02b930d07f45d840fe2

SHA512
4c60d3b255c38807a104e4362493dbf651fb8893633e94ee9a4c69770773f8d7bf95d310051154b9bd74d6eb1993626a5eb107e74e891d681f0398c64a7ebaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
123KB

MD5
06e272e7da16d66f72660397defd9c16

SHA1
1c005544034d3a36f6881f99bffebaa62a5b55ab

SHA256
002ab2782b0ebde66f25b08ae930f95d680af3fbd5f5fcb467d72a5503fc359c

SHA512
799238c83ce31a53359ab3e40068029e78ee398d5638430f5cde1e7cabd4b5ce63067e7234e69dd715f40295ea1aef9ef4ca22a7abf044bdeb494df458b25ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
68be65ceb968ca7ce7adfa75c1a04387

SHA1
4e26ceae909ac554f653207908307d59d99234ca

SHA256
b46f0f1b5c2907e0e69ad78c21592ef3b836321a7f79cd62f0b101efb7aa7695

SHA512
d651d655f40014e0125d192548efff170e990d3311f7f2abbeb9c6ad20eb902054c96d95f693dda721efd1da92e2156366071460a8002ca5527e21c2ee6e9af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2412f87c7653f1687214f258196557ba

SHA1
883c9c1d9b867a2e673f56576a9e9bb6b54822ba

SHA256
80561dffa73bd32fd9429a5f2ed8dd77719e3f4b790b159c949875e9106a31c3

SHA512
1cc330175237e1d69a1caecbe4fc84799362245696bcd3d65116ae4b16408b86a7119419fc5189ab6364f393ec141903b9b04c89621155c38116a721a3f85823

Download Submit
\Users\Admin\AppData\Local\Temp\u.dll

Filesize
245KB

MD5
e608c8f622a5507b60ff5c01c8ade176

SHA1
79c26c0997e21e8bfccbcc802f75d9b23d5ed3db

SHA256
37b875997f6f3757434d8e3504551deb5d31a087158b56ea2d70c1aaafb20a5d

SHA512
0f30cb373e4e8ef91af1c312dc260d81ba51569539566c26f4193c2c1b55980c452167ff17e0b7a1acadea728f8ded081e51aa58da360373df170b40341198c2

Download Submit
memory/1280-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1280-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2016-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2016-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2644-97-0x0000000000290000-0x00000000002C4000-memory.dmp

Filesize
208KB

Download
memory/2644-93-0x0000000000290000-0x00000000002C4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads