78ef6b326f9845372d56992218077274a535a801b71f893cbd55222fc146c1a6

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af4757c718ab30bb17fae8026500a1d.exe
Size

209KB
MD5

0af4757c718ab30bb17fae8026500a1d
SHA1

cf7da2e02b3a2389623c2dd3b438a611619a97b0
SHA256

78ef6b326f9845372d56992218077274a535a801b71f893cbd55222fc146c1a6
SHA512

1d50463ff0e2e98d4088ba6135f54030ed9a79e324f99e6aa353747ef9fd7e10d720c2a83067c9804dc8c520ff4de970ad7e455e406d75e14b4dff862e4e007a
SSDEEP

6144:1l2/rr8a6mIZGTg8jacH+G/tZeKRNZHtuyP5r:q5hIWgSReALNr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3452	u.dll
2464	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4908	OpenWith.exe
1256	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 2288	4856	0af4757c718ab30bb17fae8026500a1d.exe	92
PID 4856 wrote to memory of 2288	4856	0af4757c718ab30bb17fae8026500a1d.exe	92
PID 4856 wrote to memory of 2288	4856	0af4757c718ab30bb17fae8026500a1d.exe	92
PID 2288 wrote to memory of 3452	2288	cmd.exe	93
PID 2288 wrote to memory of 3452	2288	cmd.exe	93
PID 2288 wrote to memory of 3452	2288	cmd.exe	93
PID 3452 wrote to memory of 2464	3452	u.dll	94
PID 3452 wrote to memory of 2464	3452	u.dll	94
PID 3452 wrote to memory of 2464	3452	u.dll	94
PID 2288 wrote to memory of 4340	2288	cmd.exe	95
PID 2288 wrote to memory of 4340	2288	cmd.exe	95
PID 2288 wrote to memory of 4340	2288	cmd.exe	95
PID 2288 wrote to memory of 1468	2288	cmd.exe	97
PID 2288 wrote to memory of 1468	2288	cmd.exe	97
PID 2288 wrote to memory of 1468	2288	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\0af4757c718ab30bb17fae8026500a1d.exe
"C:\Users\Admin\AppData\Local\Temp\0af4757c718ab30bb17fae8026500a1d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\920E.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0af4757c718ab30bb17fae8026500a1d.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\9357.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\9357.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe9358.tmp"
      4⤵
      Executes dropped EXE
      PID:2464
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4340
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:1468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\920E.tmp\vir.bat

Filesize
1KB

MD5
f80134a6f49d9bed885351a1ab0f7037

SHA1
bcbd9aae57949cc2eefb5ab660f41379c83b5cf9

SHA256
5532fd44b01714a1d99d07bdb084b8bc8ef137faa9d2babce45407ae8e019a04

SHA512
487db86c1e78e6a4f2b59eaec74b7181c93613677f1f4c6cb0395f6c6780bbbe8d5f0ee15be2bd897743b32f32073f1ec57787f02894783b52304ad862d896ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\9357.tmp\mpress.exe

Filesize
83KB

MD5
ea9b3ece528b56a840d9921c76b6cf19

SHA1
efe7c9a71b771837db57dd984c04cc056d00404d

SHA256
a2aeac8822fafd588d4bebc2cd3a8a2302ad9f02260ec66dcb6adcb95d3ff8fd

SHA512
642d4b1f30afe012d63664a8b08675ac56789d59c9d07834253e516e4b8dad675b8d395b86b5015f24b45bfbfeee8aa37a6d0e853335509d347c2441b7eb3af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\9357.tmp\mpress.exe

Filesize
68KB

MD5
58c8c2e8fa4d4829d87a78e66c9fbdb8

SHA1
15907bd34396be4f0ac0121d574985692488fffa

SHA256
0d63380f6925b34bd0eb37448907ef1a435345c18a71373209522f34a489c539

SHA512
8a3321a1eb90d26015db709e591d685e6060f22fbc558248ff3322aea879794cc4eebf2e4d9ee0428262051143ddcf33bb17663cad55411e382941710dfdc0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9358.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9358.tmp

Filesize
41KB

MD5
1f721101b85fcb61635e506953d9e24b

SHA1
af9d47bebe3c5594c7809450f4e28115e3de07d4

SHA256
5f06ed4c4432a04b6bba5a068044a51464c74cd80ad1b970ee3f8c9115f3f155

SHA512
1a2ee87f06c1e7977332b9c4aac96e2ce66ab465da15fbd4358bbfbea16dbec3028510b17e4c277f391197f9ac48e1705c7c7053dd9f2d8d45038f4ee6b85e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe9358.tmp

Filesize
24KB

MD5
c4cd0cce2fcadadd40be248acba305f1

SHA1
4bd74a03deedec37e9ff75c56df84802b1e1f4b5

SHA256
b342bd4d80aefa30ed1049da836999a9557c1ffe88d78fce34076754c9a6de07

SHA512
8f5cff3378092692a6e96199172127a0064d072195416992dc2cc4b02e242829f1eab1c43504a490e3d42cc9ead635935362d0d597d97b48a7ca117dc2bb17c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
321KB

MD5
9d96ae891b8f061f9b4ebf23e750c29f

SHA1
7a6af2be8ee304e8ba56907bb9c420690768074e

SHA256
7c52e589afc3dd3e090e10d32542317070c1b9ebb0ad97bad8a787e7e3232fe4

SHA512
9a530feb912e6b7579ca0a9cabd7a7c89fbfd4020c1466ae3b90c3eeb322f238257ae5a6c438fc5be973594c0143d191385f066b8af3c8bf88cb6771cd661cda

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
267KB

MD5
e3cf8a1e757d63f663fce2767762d793

SHA1
d3e057970efb377548d965afea5c09616089d5b7

SHA256
3a25c3e3cd9adc6f0dca1611b7acd535b68531e53b3668425c255237fa279fd9

SHA512
f9f763ea5d2a8adad7b2d88982c78dcbb40602cc9f84ff3bb85a37fc4dde544bbc33599736932c4234ab8f923235546f924c98b99c46f3ab7fed301768bf2523

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
297KB

MD5
dcc9704297b97811fc4075f6abcee0d1

SHA1
16cbc0a6bbebbcdb23addaa871123ac180782b73

SHA256
219878fc5d49f7b64519075292c55eb3c6f586f19c360a9e3a01e88d02c50a5c

SHA512
d4b56387c2bd7120467bfef85784858116ed00305e15556c79df6bf694ac0ab458844a537e803bb37f341bfda87e4c46595fd791a0be48bf10b41f5158de2a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
279KB

MD5
716aaf9bbb5264353ad2de2d19fce7ba

SHA1
80e45375ba24100389064ff12cbd5f36c70189e7

SHA256
c3bd0a32ac57581c2230fea9b820870aabeb25dd2da227ddc0edbc8c5dfb06e0

SHA512
460736def6478067ef036c564ca828f9f4d1ea864d932330dfa932569d5ce4aa474ca79f3bc0d98463fdcfaf2361a240fd6b4556c6e77e353e62759ab0609bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e3569210e99a9265ddea3491c60ae711

SHA1
336a04d755c07e58f808ad4839a2e9b232e71d9c

SHA256
dcf74874ff909f64e2ad3c36a91949825a23d3459264f3d573b15006a0465dda

SHA512
83cd1c1e9b5f2e423b9952f3be82e26e3d957e3caca90c0fc318d710447f46ab38600d2326e2f59a8ab831ecd225358ad85d0a4930b8a080f37c21cf75a6d28a

Download Submit
memory/2464-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2464-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4856-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4856-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4856-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads