1ece3607617c1474d63364384df7da505b2b2cbacb46ca0acffac0b58cd80aae

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 07:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cd700810261f6fb1b1d3eaf1dd59c3ee.exe
Size

209KB
MD5

cd700810261f6fb1b1d3eaf1dd59c3ee
SHA1

baa5e46f8a88d82b7fe38048981b2a71889e9b75
SHA256

1ece3607617c1474d63364384df7da505b2b2cbacb46ca0acffac0b58cd80aae
SHA512

766730e3db28f13aac8f2977315683886ef8e5b0a418f7b9936b5c578c39cb3bcc6cae2273ca07aee7a461dec5fc18f3c18aeff61f34811922324a542f328d6d
SSDEEP

6144:/l0n6au55sKTXyOhcbX2Y7YRpUFfZRNIk3PjdR:en6aujsKTXybD2Y7YRpcDNIk33

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2980	u.dll
2420	mpress.exe
2808	u.dll
1812	mpress.exe

Loads dropped DLL 8 IoCs

pid	Process
2588	cmd.exe
2588	cmd.exe
2980	u.dll
2980	u.dll
2588	cmd.exe
2588	cmd.exe
2808	u.dll
2808	u.dll

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2588	2256	cd700810261f6fb1b1d3eaf1dd59c3ee.exe	29
PID 2256 wrote to memory of 2588	2256	cd700810261f6fb1b1d3eaf1dd59c3ee.exe	29
PID 2256 wrote to memory of 2588	2256	cd700810261f6fb1b1d3eaf1dd59c3ee.exe	29
PID 2256 wrote to memory of 2588	2256	cd700810261f6fb1b1d3eaf1dd59c3ee.exe	29
PID 2588 wrote to memory of 2980	2588	cmd.exe	30
PID 2588 wrote to memory of 2980	2588	cmd.exe	30
PID 2588 wrote to memory of 2980	2588	cmd.exe	30
PID 2588 wrote to memory of 2980	2588	cmd.exe	30
PID 2980 wrote to memory of 2420	2980	u.dll	31
PID 2980 wrote to memory of 2420	2980	u.dll	31
PID 2980 wrote to memory of 2420	2980	u.dll	31
PID 2980 wrote to memory of 2420	2980	u.dll	31
PID 2588 wrote to memory of 2808	2588	cmd.exe	32
PID 2588 wrote to memory of 2808	2588	cmd.exe	32
PID 2588 wrote to memory of 2808	2588	cmd.exe	32
PID 2588 wrote to memory of 2808	2588	cmd.exe	32
PID 2808 wrote to memory of 1812	2808	u.dll	33
PID 2808 wrote to memory of 1812	2808	u.dll	33
PID 2808 wrote to memory of 1812	2808	u.dll	33
PID 2808 wrote to memory of 1812	2808	u.dll	33
PID 2588 wrote to memory of 1820	2588	cmd.exe	34
PID 2588 wrote to memory of 1820	2588	cmd.exe	34
PID 2588 wrote to memory of 1820	2588	cmd.exe	34
PID 2588 wrote to memory of 1820	2588	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\cd700810261f6fb1b1d3eaf1dd59c3ee.exe
"C:\Users\Admin\AppData\Local\Temp\cd700810261f6fb1b1d3eaf1dd59c3ee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\9C20.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save cd700810261f6fb1b1d3eaf1dd59c3ee.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\9E23.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\9E23.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9E24.tmp"
      4⤵
      Executes dropped EXE
      PID:2420
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\A110.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\A110.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeA120.tmp"
      4⤵
      Executes dropped EXE
      PID:1812
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9C20.tmp\vir.bat

Filesize
1KB

MD5
02b40feb2550f04e9a308b44e6da9730

SHA1
3bb5731676416240f0ac6532726a0a8e43c88aeb

SHA256
ac97bfc870e8839aec26727939fdf50dd1cd25edf0daca21a13706096be29353

SHA512
c76841126506de1074a992745cf28dc7135db51c9fbf3f3dbdf03878b46edc4e841ab648426c90cbd4b84ed4e09d4765f8740e84b534f10f14e8d9314adae242

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9E24.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9E24.tmp

Filesize
43KB

MD5
9357d26db2c20604452be2674122d8df

SHA1
a253593fe37b64385ad18bd98ecaf83e2026ab7d

SHA256
30a245e24358002ea909f7460c553579ba0f72d52751b08d7629fd6c7afbe329

SHA512
32bcb75499547895d7f29535db08dd347f449913bd8304d62bb853f7bf7f9faaa9aa7cc69d9da1fafa127825a0bff249322b5981e302ac32f6fae9406e28815c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9E24.tmp

Filesize
43KB

MD5
2a47690b8e5eec50709a79473bd7ba76

SHA1
7679af3a131f6d276fb65b90bc2f7bf88e5debb9

SHA256
107d20fa7c60e9772ad84c2735b8346c5c909d2147097983430a9b8b5de33d90

SHA512
37d9a2d47e37cd09e8b3d4e245974251df78256d243583efd2362ae71a170134d5d0737fc629a19f76244a421615b762b7ba625dbb7929beac1b52bac30c7a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9E24.tmp

Filesize
25KB

MD5
ea047261a2f6524068cc3afe3cf50bbb

SHA1
408c770982670632967668a836b1ded5ecbf122d

SHA256
edd0f8ae54a335e2b6e6a4333b8f9b19e52fb03a1332d507b631ddaab9b37e57

SHA512
6733fa2930dba10fbb8f318a67bcbfe5c669ac39917ac4e773b042abec435df2d437222ac0cfa2f788c97643ee827378880aca94a72f1fb2cd3a26f0a6fb1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA120.tmp

Filesize
43KB

MD5
e8e4d2b39d2d27db4735012f4e86e98b

SHA1
f86f23a530064ad8533f5e4c536ef7050f4ae962

SHA256
c282367174edec3927a013da07c354882a01b1f63d62602ac9a051fccfb5eda2

SHA512
24057b674dc7e9001fa31981b74b2bccb8d9d26bd34fda6e4716122236c066d9665bed70ae1689f0f85310c6f5fe3ec07f4642c86817d83d18d0694b1990fd32

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA120.tmp

Filesize
25KB

MD5
ec992aabd161aa60a26fa8d05bd1cc7b

SHA1
98055265c95a7781d5c9271321a8bf49343f3a6c

SHA256
468ad51877274826518a0d817ce2f49ce485d82ef7907a10d6100688b46fb7dd

SHA512
e3af2fd59f721c870ea6955daf79ed5c5e1cb1d219c02ef4c82a23d9879e899c4e9eb23c7fd75f5505f7f05d40fe60bf0fba72bfb17a26e8edeb8ece71868fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
3aadbb8118c8744e33ef470f20d0d4d6

SHA1
1a24cab013984131daaa6ecf5866267d22bc9c4b

SHA256
356bbe9daf1176b8912669f7b5a40310200f8a9974cbb760c9bc197323ec6776

SHA512
42914992aaecd88bc14694f74ee7208fe28eff25a7d8e28cf687cad6dec295050f2fccf6628e6d3680a0506a503001df3040aeb4bc64e4f6b245de5b2691aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
71253e4764f1aabbd3b94e62e3adf3bc

SHA1
6446ffb7fd4d965a0b0c7fcee9fde69bbe9250a5

SHA256
6ac688476502e16c25ffba8382f3ca76508114f188e3fe0792a2b04a0d1510f8

SHA512
58a3b2b20c4de21e96d460e1ad39c4e3aaddd746842cb1b6b44d2173beec1a8b794fecad80dadb3e9c5d2bf5c86e4dc8048d1dba194c6a728cd7c192be0c0502

Download Submit
\Users\Admin\AppData\Local\Temp\9E23.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1812-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1812-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2256-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2256-156-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2420-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2420-67-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-138-0x0000000000540000-0x0000000000574000-memory.dmp

Filesize
208KB

Download
memory/2980-61-0x0000000000300000-0x0000000000334000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads