2143e9ef02fd75234876a613485ef38a84a1c2f10f550645420e394aa3ed875a

Analysis

max time kernel
1s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

428f8c753d21240ff84c658ce469c00e.exe
Size

208KB
MD5

428f8c753d21240ff84c658ce469c00e
SHA1

46d21e9c9f6df56000ca42436a848a3e76495de0
SHA256

2143e9ef02fd75234876a613485ef38a84a1c2f10f550645420e394aa3ed875a
SHA512

ef9ee5d303f50bd15cef0ac610841782e3841db781e8cf38a87f38032db73334bd5cade151a41181a2e6ebd946014c5fe74a54c230427924536be879b5e950f7
SSDEEP

3072:jlV+n6au3P+B3GEawW4Xzc23ZoFIzS0tftibTaMRqUpTc6POEwaYD34HRKM:jl0n6au/WFXzRWeS0iKwqUpn6F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
440	u.dll
2656	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 3632	392	428f8c753d21240ff84c658ce469c00e.exe	18
PID 392 wrote to memory of 3632	392	428f8c753d21240ff84c658ce469c00e.exe	18
PID 392 wrote to memory of 3632	392	428f8c753d21240ff84c658ce469c00e.exe	18
PID 3632 wrote to memory of 440	3632	cmd.exe	26
PID 3632 wrote to memory of 440	3632	cmd.exe	26
PID 3632 wrote to memory of 440	3632	cmd.exe	26
PID 440 wrote to memory of 2656	440	u.dll	22
PID 440 wrote to memory of 2656	440	u.dll	22
PID 440 wrote to memory of 2656	440	u.dll	22
PID 3632 wrote to memory of 2296	3632	cmd.exe	21
PID 3632 wrote to memory of 2296	3632	cmd.exe	21
PID 3632 wrote to memory of 2296	3632	cmd.exe	21

C:\Users\Admin\AppData\Local\Temp\428f8c753d21240ff84c658ce469c00e.exe
"C:\Users\Admin\AppData\Local\Temp\428f8c753d21240ff84c658ce469c00e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3E8F.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3632
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 428f8c753d21240ff84c658ce469c00e.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:440

C:\Users\Admin\AppData\Local\Temp\3F1C.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\3F1C.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3F1D.tmp"
1⤵
- Executes dropped EXE
PID:2656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3E8F.tmp\vir.bat

Filesize
1KB

MD5
c4ee07cdd562618b7b5892f58a8b58e1

SHA1
5fc11d77a9a0a3a10bd28456f96961601c5058e8

SHA256
176bad81279d482bf0dc45ad2e77976c71b5b2e445a542471f1d4013731f968e

SHA512
8d7e6fca5a6ad82a09618762a1041f3b836e0a241633d3a1f4ba93f511b053a8a8beee0aa82f4bfa1d991783225992fde124d86f0733cb5bcc0f9496ed65a613

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3F1D.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
381KB

MD5
6a44fb5c0f9ddb755e483f86e5a717d0

SHA1
2d12472cba6bb76c016d98e1015e36e317e3a730

SHA256
878d149eb8d275219a0e45096b664460e74bbde6deaae65d3e8d917cbdb6f790

SHA512
3787b404ddd92cbc1ddbf07431d443809df3ec3a32803fd3c30aa62890611b3a5ed8df4803cb175dd2acb30ecdea6dc3149ee7cd2c0ae70400ca8730fd4f1787

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
98KB

MD5
693adf60d1cdcc85ab672b326418a8a4

SHA1
4ca1ca2b922efe18241bcd91a2c4e580c0013aee

SHA256
70eafc000804c2ff068ec2c05a66b3afe2411a0b8a57fe19c9d995b1d60a7ab7

SHA512
f13eed7883022803e7dde1c773d1728a3e604d289a842d1231450d5353cd69d165041fb7a2353d675b7fbdbbefcfeca65280274597b56118f0308b609038fb99

Download Submit
memory/392-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/392-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/392-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2656-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads