320e88fe8dca91b941c2638bca266fbb0a0375935b1be1a7287b66d2a9313f14

General

Target

c8cdaba87654df78a8a8d4f465baa400.exe
Size

209KB
MD5

c8cdaba87654df78a8a8d4f465baa400
SHA1

5025f316022b1bb6fd90bb5ad486c8232283295c
SHA256

320e88fe8dca91b941c2638bca266fbb0a0375935b1be1a7287b66d2a9313f14
SHA512

bca32ca28a2dbbad297bb94c6ee77d5aa142fe878f2c75741d5b5e6e167c13f12a70b079e583f0c7e942a8d8b346f415bad988a4168288272579a190f86242ba
SSDEEP

6144:iltGmuktN4HejL+mz1KUG8KilCMK3yXrnb4V5N2:mGmFN4+jL+mz1KUG8vCNarb4V+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2588	u.dll
2872	u.dll
1364	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2216	cmd.exe
2216	cmd.exe
2216	cmd.exe
2216	cmd.exe
2872	u.dll
2872	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2216	2460	c8cdaba87654df78a8a8d4f465baa400.exe	29
PID 2460 wrote to memory of 2216	2460	c8cdaba87654df78a8a8d4f465baa400.exe	29
PID 2460 wrote to memory of 2216	2460	c8cdaba87654df78a8a8d4f465baa400.exe	29
PID 2460 wrote to memory of 2216	2460	c8cdaba87654df78a8a8d4f465baa400.exe	29
PID 2216 wrote to memory of 2588	2216	cmd.exe	30
PID 2216 wrote to memory of 2588	2216	cmd.exe	30
PID 2216 wrote to memory of 2588	2216	cmd.exe	30
PID 2216 wrote to memory of 2588	2216	cmd.exe	30
PID 2216 wrote to memory of 2872	2216	cmd.exe	31
PID 2216 wrote to memory of 2872	2216	cmd.exe	31
PID 2216 wrote to memory of 2872	2216	cmd.exe	31
PID 2216 wrote to memory of 2872	2216	cmd.exe	31
PID 2872 wrote to memory of 1364	2872	u.dll	32
PID 2872 wrote to memory of 1364	2872	u.dll	32
PID 2872 wrote to memory of 1364	2872	u.dll	32
PID 2872 wrote to memory of 1364	2872	u.dll	32
PID 2216 wrote to memory of 1772	2216	cmd.exe	33
PID 2216 wrote to memory of 1772	2216	cmd.exe	33
PID 2216 wrote to memory of 1772	2216	cmd.exe	33
PID 2216 wrote to memory of 1772	2216	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\c8cdaba87654df78a8a8d4f465baa400.exe
"C:\Users\Admin\AppData\Local\Temp\c8cdaba87654df78a8a8d4f465baa400.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\AE9.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save c8cdaba87654df78a8a8d4f465baa400.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\26D2.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\26D2.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe26D3.tmp"
      4⤵
      Executes dropped EXE
      PID:1364
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AE9.tmp\vir.bat

Filesize
1KB

MD5
6c1b6ecc49aba1e8fdc91c34133a778c

SHA1
324b931157570a5aea2793dc4ec04d2de8b13d34

SHA256
e97d0ae6f6ad35784c6d635ab6f25383fdcae2c0389375ef88661a95099d9a4b

SHA512
fc590d7529c912351dea6eb6e48ab3381ff2d9b52d44c22c4f219f632159330e1a7e64c3eddeecde762e49d86de8309615b8ed7230738a58e3c3eff6e830455e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe26D3.tmp

Filesize
24KB

MD5
cdcfa1efe50d04afc7e0132fefaaebee

SHA1
9fb31f91df27a9fa854e13997eb27b1fffba93ec

SHA256
b418c29a1ce04661d4028ca863ba1253d49c15570cbfd50a0b1cba268357520d

SHA512
1aea5e87344b6f74b2584635216f3a3501bb8852aede2b5e395713041b82c006a8518edac769578e2062f9f592a0e5600ca7685fb1430eaef278c4b99b275a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe26D3.tmp

Filesize
41KB

MD5
4f74129c104ef1d140d90e0ba568ce01

SHA1
6f3eff482f956305006b6768a2a6ff242798a45d

SHA256
7695698f1983d6f8884164972c0e546da7e4a29f3c2ac244927f5b28da24c753

SHA512
8757d38c206b29cbabc7ada99871fc590ff0a775814a74752b9f3971956e7c000ca259cc9e1906897a343397d4dcfe9c271024878de42eb87e22477a6fd50f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
fd0d0d7ae1d515c6a6a5e027a383e813

SHA1
5ac4fff2a23711869002bb26e4463530788e086d

SHA256
6429e1a8f97a7e8226cae762348ad91d938e474db9ac2eb7d5d3aa2cc4b6123e

SHA512
068bec88e014b8d1a657f1eb75dfa1730c48601c4dd69198214fb8ea95e4e99fd8b185dbd1ca2cc6b075acb950af299b2483a3176951d2e80b0070708791778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
5e936f51ae04ca965574f15807ee6ea0

SHA1
ed780f0ad77f13521350d8db67ff185e56d38c7f

SHA256
879c8648e491a64413ee5be3e8aa5e1f70e8e3e3b98b89f80135f92aa64f2533

SHA512
39d569a31baa4c6af249ca71247442cd7c1b1704554fe71a18bbe72581dc4324301446a4d051ce47103085d171d389419fcb2f3bc7951441a74d308519005354

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2463e24e7d5e2ee9a2de86495089045a

SHA1
1df57d0d7bf10edf7313febe0ed473857f4ffe5e

SHA256
16d300174f0f7439cc3cea3431966689fa371752441f5c65144274d0725cce4d

SHA512
a111bd72ae345b4fcce31ab07b492241f530fefe8dc4fea39963d51cf9abfa7a89cb202a7583b07664e9002c9895b1f6430bfe7a57c475ad8d5652c88987d03b

Download Submit
\Users\Admin\AppData\Local\Temp\26D2.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1364-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1364-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2460-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2460-113-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2872-90-0x0000000001E00000-0x0000000001E34000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads