b83471e4b4ead8398f939fe9ce0a7c3048f405714e395e43b25d874804f9baeb

Analysis

max time kernel
1s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12e141bb1eac6c68d6a3a336fc89cb82.exe
Size

208KB
MD5

12e141bb1eac6c68d6a3a336fc89cb82
SHA1

59ca04146b665d61f040df26c0681ae6e29276b5
SHA256

b83471e4b4ead8398f939fe9ce0a7c3048f405714e395e43b25d874804f9baeb
SHA512

b6c9d251d9450d77a5a981c38d57ca47846b347baaacb47daa4879cb02f124e69f6446fd8112fb1b1ec48e71fb8e9b54c180e141676ad7ba84a1f95dcdcae571
SSDEEP

3072:JlxuF4BVYKE6tDzU4kflRDAu3NgSJ2+isaKGQcMVxC8MeXPSv4NYn3pjBx:JlkXF6G4Ohdgk2v9KGD8Me/xk3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2052	u.dll
4460	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 3536	8	12e141bb1eac6c68d6a3a336fc89cb82.exe	16
PID 8 wrote to memory of 3536	8	12e141bb1eac6c68d6a3a336fc89cb82.exe	16
PID 8 wrote to memory of 3536	8	12e141bb1eac6c68d6a3a336fc89cb82.exe	16
PID 3536 wrote to memory of 2052	3536	cmd.exe	23
PID 3536 wrote to memory of 2052	3536	cmd.exe	23
PID 3536 wrote to memory of 2052	3536	cmd.exe	23
PID 2052 wrote to memory of 4460	2052	u.dll	20
PID 2052 wrote to memory of 4460	2052	u.dll	20
PID 2052 wrote to memory of 4460	2052	u.dll	20
PID 3536 wrote to memory of 4124	3536	cmd.exe	21
PID 3536 wrote to memory of 4124	3536	cmd.exe	21
PID 3536 wrote to memory of 4124	3536	cmd.exe	21

C:\Users\Admin\AppData\Local\Temp\12e141bb1eac6c68d6a3a336fc89cb82.exe
"C:\Users\Admin\AppData\Local\Temp\12e141bb1eac6c68d6a3a336fc89cb82.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\48F0.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 12e141bb1eac6c68d6a3a336fc89cb82.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2052
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3168

C:\Users\Admin\AppData\Local\Temp\495D.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\495D.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe495E.tmp"
1⤵
- Executes dropped EXE
PID:4460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\48F0.tmp\vir.bat

Filesize
1KB

MD5
3a2abef736b22d8a4f5bf7c5f534685f

SHA1
ab2b4bd124150f03f77e43b54d9dbb0f20d0ef9d

SHA256
5b9a9438a974b7b1e8e48421cd0833ef4640e8adc418a3b392e8cf73fdae35ba

SHA512
af8e40afa54273f66b791d3c35cc09e4d5ab59c57b9a356515bce620d0844b892dd10935e77d7aa4d2bb70d623c441e1787328555d00cc97ec397970b16007d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\495D.tmp\mpress.exe

Filesize
99KB

MD5
87c76f807b12b6b276c00b6429d4f677

SHA1
7b98ad4324580b79934360dfc12c9e3b6bd2b67f

SHA256
6920c1d84feb070602604f7e039525307aa1597666c55b91ae6df7a546d2eebc

SHA512
c157a4662f0bc4c09bee08df6d93009857e79c01ccdc5f77b92360ee3dc168e6aec44ab26f84b103870b331e21ccecb3fdc0461564613c6d4f942a8ae71eff55

Download Submit
C:\Users\Admin\AppData\Local\Temp\495D.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe495E.tmp

Filesize
30KB

MD5
17d0b9a22cbf71ee731361a908576645

SHA1
6d1522c34f3ec1586789b9b5426fa9cfdf5dda5e

SHA256
2279ad7f82a02dbab88feabb73bc0069202d02d8e3ecc27915c6882433bb2b6d

SHA512
27d83d19c640d95f7903d17b8bd72d16965b0c0f05c69c81962e544f3e99095fee10bb0c07fff5dd4bffc6c7e63c5aa6a720ba9e6eaebcdcd9da83982f95dd79

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe495E.tmp

Filesize
40KB

MD5
ea973eff13cbb2680734e51a3002ef11

SHA1
2e73134e10a02fb5d764bc6b5e781f29ad13824d

SHA256
9ae87c2dc65dc4e4a9135ce622777d13c37bb62dfdd0467bdfd2c9074a692cbb

SHA512
1786d243e140c3c749957589f499a1e7056d83970a06a251387cd48b5369b999b382f68920706c6853da0dd2ad48cb3df1a1585a041cd4d7bc15a6fcc977078d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe495E.tmp

Filesize
17KB

MD5
a5bbb1cc2d52eea1c8dd8800014caa56

SHA1
37bfdc39bac35664c65eafa857a6d0874223ff6d

SHA256
4f381c7dae1c7c50785affc201d37c08e63e27f831c7d809d8041fa38fafb680

SHA512
1185b41ef2e30928880965c4c8fb65c0ce4da2da6a2aa3e8b6a9d7c97899474dd8de6100f4cd547400e3cc7137b2565213c0c18b93b3751be432901e6f30b182

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr4A57.tmp

Filesize
25KB

MD5
7ff19a32a8549b7585f7c8a7a1d3af14

SHA1
18e657af5ed623c264d5d82fd3b7872b42ab50ab

SHA256
f01a68893988b9c711e4dd51964586ce8661d40d8803a8d75e2597847e38786e

SHA512
4c049553e4635d95e2af999e5153498cfcb94ea3deef7f480cc0f644591e9fbc7287a71ac456963a215f7cd271c855f392bece810194e21c4104a5c4895d4ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
14KB

MD5
83d07547c749ad33f36883a6a80507af

SHA1
b46f89b531db4846f446dffef67c35be35259984

SHA256
7b566068187c74948cdb971b98a82e839e93f96eb41d40e423a88b3fe6fcf8eb

SHA512
caf4126d75a74af78af583c9de772d353a8c3533493b17c5f8108bfd5320d7216795ad6b07b76f202f90945703d75dedafdbdf29e821f42c774ffa0409026a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
9KB

MD5
e049c53d5cf23d90f4cfae602acd22b4

SHA1
80255f7e01ea9d83a64a570d9cf4220a7a882c95

SHA256
fd000324c2b1c9f66b45846d68f17f4c3726c6fbdb19d1f7cde9ad6934571bf2

SHA512
ea2440c855cfbccca771a56fd107289dc95621b672cc73231352f9e8b0a8480eecf7d1c74a2d85d51bf53e5701fa859fb8c7922372ca211aebe3f0fa43c21916

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
43KB

MD5
7c12362a42ae8ba7bcb10352d27fc532

SHA1
61764b4187acb5f8d91ce2ac892d613735e6bcd7

SHA256
429a9527e86b5184803eeb8d7a85728722f9ebebf9b3ac8b48b584f5cd9987bd

SHA512
8f537c3952a3a98f2332a9deebde874f90c7661d3f35e0806432bb1b1db49468f39aedf8bf5086e1df1dd8d45342b0642ce0c12d32d142de7ae19286469e33f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
20KB

MD5
7b628b129a9b32ef185a2d884fb99cda

SHA1
f7659df71c9e75f933496b35eca9b01acf74bbee

SHA256
5510982b19574c68613bd7f8efa11c45229f6e38e49571398fa50b74cc38d62e

SHA512
fa6b3672264d48922089d55da1ee80e47ec41c4ccfaf49217af32c498508872a7eac51ca3dadd8aa0a534b5734653b558b0fab30c5a8f38374546bd8978fa268

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
18e3c2f1fde02d4771d5d43a983838d2

SHA1
bcf40857f8277ce2b7e2b560baff898152131d0e

SHA256
f4604cae6e7a75edc4abd478b30400df2ae928e916b9c579d55dac0b9474d0b7

SHA512
b68998e7940400c1a23a5be4b7547b3b389a3d2bdce198fc839cd9ba0310158a860f417b6256f7ba9b48266a55e808779a5d4f61556d2a7cd466bc3ed42a7516

Download Submit
memory/8-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/8-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/8-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4460-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4460-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads