c23d71d492920c0f9ca4589e3d1776356595f727a4be59a4c9c2f20ffd554bf2

Analysis

max time kernel
154s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

125ef00cb8c230fc3cecc6fd3bb83acd.exe
Size

208KB
MD5

125ef00cb8c230fc3cecc6fd3bb83acd
SHA1

68e214a66838e1de5965366b67d1b889a71f96d7
SHA256

c23d71d492920c0f9ca4589e3d1776356595f727a4be59a4c9c2f20ffd554bf2
SHA512

669e8760015472c2f908380fe503e92c7b5fc05c6d5694414628d8067ceecbdb6479cf3b455c13bdda7bece71afe14d28ac6b7aeac93b22ecfd1b82eaf10e7f4
SSDEEP

3072:Sluy78nwser83O7Nyetlwtu+6wsDmhZT2FzspGkDRikzAtnD:SlNgws/Gj7JShZT2N83okCn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
564	u.dll
5044	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2960	2160	125ef00cb8c230fc3cecc6fd3bb83acd.exe	92
PID 2160 wrote to memory of 2960	2160	125ef00cb8c230fc3cecc6fd3bb83acd.exe	92
PID 2160 wrote to memory of 2960	2160	125ef00cb8c230fc3cecc6fd3bb83acd.exe	92
PID 2960 wrote to memory of 564	2960	cmd.exe	93
PID 2960 wrote to memory of 564	2960	cmd.exe	93
PID 2960 wrote to memory of 564	2960	cmd.exe	93
PID 564 wrote to memory of 5044	564	u.dll	94
PID 564 wrote to memory of 5044	564	u.dll	94
PID 564 wrote to memory of 5044	564	u.dll	94

C:\Users\Admin\AppData\Local\Temp\125ef00cb8c230fc3cecc6fd3bb83acd.exe
"C:\Users\Admin\AppData\Local\Temp\125ef00cb8c230fc3cecc6fd3bb83acd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A4BC.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 125ef00cb8c230fc3cecc6fd3bb83acd.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\A633.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\A633.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeA634.tmp"
      4⤵
      Executes dropped EXE
      PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A4BC.tmp\vir.bat

Filesize
1KB

MD5
25d9aa1d880a4cd5abcd79a0e10df7c9

SHA1
632e8f6c68daa04673ef6749d6d1b7b6c4be6962

SHA256
f59a175c23d0c3bbec960dcfb74a527ca04f185f4d7159747769f574d89efa5f

SHA512
76de48c312cd4c2127ba3422a62e27358a1b92a306f473d1f8d517f271de995a52fe774558138714b83a37d62155da19abb7985a5173d3cccbe4fca68af86a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A633.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA634.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\mprA8E2.tmp

Filesize
24KB

MD5
1c591a621b30fb31de8b83694bffdb57

SHA1
94b0acf10c424c4990f88d8d63ba0ef31231fde8

SHA256
71a4439b7c9ba5b21532c4e3c05f39fd19f2ad9e8f1e7da85244339f7fac0e3d

SHA512
4921aee10a3d419ebbfad7f9f877177fce6aad5a1084099046f97ee63d577d9f54d42b6de5ca256f5250264f929988fbd8e4e050996673c99d95dae8833abe2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
c149ee632d3171bd15ee54ac94c99b34

SHA1
c6d4fb1ab2df83f8313a42915e3e840e44c7c198

SHA256
757db7b9a33dc792f47c885f42dc829a415aeab0d8601c6ea07bc717af1d826a

SHA512
9cb75cad0f4c833d7dd148401f722bb399bcfdccc2353f82030a61a3871bbbad179df893cab167d8b0d0eb1d1d75c03a6e83505c7ce5e5f28c57638df7aba620

Download Submit
memory/2160-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2160-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2160-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/5044-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5044-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads