c6aaf386b51fb14f962e79601cc7dbb7e173e8c6c2edebe30ea476511ff889a1

Analysis

max time kernel
153s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42303cb06c009db3e5750f1d3daffd8f.exe
Size

209KB
MD5

42303cb06c009db3e5750f1d3daffd8f
SHA1

60414a49f78fd2a1c470ea2d5939b028e8376c9b
SHA256

c6aaf386b51fb14f962e79601cc7dbb7e173e8c6c2edebe30ea476511ff889a1
SHA512

cc2755b6d4f89485170c0c607b97cd49919c3bb237a055236b9853f529a2170ea1d4833880469cd96ee3d615bed220e72050e1de5e98ab311967479dd6318aae
SSDEEP

6144:UldqB5pnfDyz6NIVBy0SJ68I6DnTY+yHIsCfP:gEpnryzmH0SJbkNoF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3740	u.dll
2780	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
892	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4320	4604	42303cb06c009db3e5750f1d3daffd8f.exe	90
PID 4604 wrote to memory of 4320	4604	42303cb06c009db3e5750f1d3daffd8f.exe	90
PID 4604 wrote to memory of 4320	4604	42303cb06c009db3e5750f1d3daffd8f.exe	90
PID 4320 wrote to memory of 3740	4320	cmd.exe	91
PID 4320 wrote to memory of 3740	4320	cmd.exe	91
PID 4320 wrote to memory of 3740	4320	cmd.exe	91
PID 3740 wrote to memory of 2780	3740	u.dll	94
PID 3740 wrote to memory of 2780	3740	u.dll	94
PID 3740 wrote to memory of 2780	3740	u.dll	94
PID 4320 wrote to memory of 3656	4320	cmd.exe	95
PID 4320 wrote to memory of 3656	4320	cmd.exe	95
PID 4320 wrote to memory of 3656	4320	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\42303cb06c009db3e5750f1d3daffd8f.exe
"C:\Users\Admin\AppData\Local\Temp\42303cb06c009db3e5750f1d3daffd8f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A74C.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 42303cb06c009db3e5750f1d3daffd8f.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\A846.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\A846.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeA847.tmp"
      4⤵
      Executes dropped EXE
      PID:2780
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:3656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A74C.tmp\vir.bat

Filesize
1KB

MD5
a84d76ca619cd8d87d838c6b0ab0e2a5

SHA1
2e469d859398949653c1cadfd76f581fb0597ebf

SHA256
2872fada3a9ec064953452bb1284ee5b14efd581578da4327f912b4d02950fa8

SHA512
7b65970b3f6b1970116712078fee63847adae234b34612421de258ee1c6cb401941f6138854cd7b978f12804bcd407cbc37a5c5d2f0b1a5d3052ede4304eb97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A846.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA847.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA847.tmp

Filesize
24KB

MD5
b799e4b3cff5cefeb8355cff4153f617

SHA1
cf39041f0b03033f148329b62c2f593ffb3ce8cc

SHA256
e6f5642d95d82404f0c87ce3b455c662ad247d533cc01b0f454d194b244207c4

SHA512
62e28c9cf91fd311d2dee021062a92eacf482455842a6f835afedfb368d84de089569ae032a37c85c05c4cc20d1e1aeeda2cda6e673fa42e00b80b19974b9f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
375KB

MD5
9b91827579565b6ae12fdba89f735279

SHA1
6cc37b79184e4879c9ccea7cb2ccf212c2bce15b

SHA256
10b2502bf57bb6149e439aa170976e4e37128729e39153a9712481d149d9d771

SHA512
8597cf01cd8edceeadf4352385dd867d50195b3a4dd55d73494aa0f8df3118bd43dba2546c96edce74182c8db1f213ef80fe1f623f5838c70188cad50b1cffdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
349KB

MD5
df5a679a79cad375f2f7a4aa6e684942

SHA1
fd625f98ac4969122da207e371b55a4891071c5b

SHA256
5d9a2f19140505c6829d9e35cceea74ab0e455760462e6905058aa546e036bc1

SHA512
1d03a3967290f72a3396917502e1e950b0490797c1546f17713c479d35d5f6e99d243584d723fd11841486293982489ea47cd60fa09b1c292af878f1c28bfebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
348KB

MD5
34beef72ce56d45dfca0f1cf09115f9a

SHA1
3644c83e125d9c02b8d6077bfd772bca2c0cfee6

SHA256
63cad07cf6b2df737d7c910ed0fda991e15dd7795bd32f5dcc1b437444b8dcd0

SHA512
9eed50c26eb47aca21232f3f36bca95187199cd8d510c76838065ef5c73a98066f4bb67603597b0264629b63ef192d6c7b26224fe4f4dcb130c8127d2f1219ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
347KB

MD5
142308be3191f26853f62eb69f346d1d

SHA1
2c18c1615a225ac72b0f46c1d7bb59d2fba95638

SHA256
fe07620849fc0a633be41a9910b06168096616608e99f77741da30654bf8e8e0

SHA512
6085ccb816489488e5b8c991e1c9e5411721e52425cc785717947dac5afd1f1667d73f5a143bba1c11fa71dbf29f8ebe9046833c1061e5b54baa4dd0a68f3cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
d3e3300158620d1a0a00ea8f9d8c464d

SHA1
32043838226b13248384be153630e1122f5c0320

SHA256
f13428b53e7232793388994f3193e87dd130cb05e02453121396823fc61fd5e8

SHA512
cb588748f534bcf585467e8001b1218f1cad1f5c83bf15a2af000c536a447aad9e17bf5ffaafdb17a46fd57894ab31717dc45fe6c7b8b454fe25fc03c8c5c6c5

Download Submit
memory/2780-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2780-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4604-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4604-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4604-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads