7a28638f9c7f527fb47c763ef1db3d81beddf29a5cd93ff77b2e6a5fdf0ac0ae

Analysis

max time kernel
142s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14692a0407821da0b5e3fb9fcfdb0bd3.exe
Size

209KB
MD5

14692a0407821da0b5e3fb9fcfdb0bd3
SHA1

7eee502d14a3f8a1b8a63ff6445d0196725da6a6
SHA256

7a28638f9c7f527fb47c763ef1db3d81beddf29a5cd93ff77b2e6a5fdf0ac0ae
SHA512

6cb6bd5b7b7b7117e71a8866265ffab558671824bed5cc872cb013672daa7aa1ea9493dd0e1b774251dd633c991c97a5915aea22c95ec589b2ed2383b2965d13
SSDEEP

6144:8lsSFhz3fpYZTmV1Jb3YdquGhWXsO/P3gZjjhMSiwduCjn/fm8:bUhbpBd3gqUXsuWCx4/f

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4808	u.dll
640	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2788	OpenWith.exe
2932	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 1720	3716	14692a0407821da0b5e3fb9fcfdb0bd3.exe	28
PID 3716 wrote to memory of 1720	3716	14692a0407821da0b5e3fb9fcfdb0bd3.exe	28
PID 3716 wrote to memory of 1720	3716	14692a0407821da0b5e3fb9fcfdb0bd3.exe	28
PID 1720 wrote to memory of 4808	1720	cmd.exe	26
PID 1720 wrote to memory of 4808	1720	cmd.exe	26
PID 1720 wrote to memory of 4808	1720	cmd.exe	26
PID 4808 wrote to memory of 640	4808	u.dll	22
PID 4808 wrote to memory of 640	4808	u.dll	22
PID 4808 wrote to memory of 640	4808	u.dll	22
PID 1720 wrote to memory of 5112	1720	cmd.exe	21
PID 1720 wrote to memory of 5112	1720	cmd.exe	21
PID 1720 wrote to memory of 5112	1720	cmd.exe	21
PID 1720 wrote to memory of 1916	1720	cmd.exe	25
PID 1720 wrote to memory of 1916	1720	cmd.exe	25
PID 1720 wrote to memory of 1916	1720	cmd.exe	25

C:\Users\Admin\AppData\Local\Temp\14692a0407821da0b5e3fb9fcfdb0bd3.exe
"C:\Users\Admin\AppData\Local\Temp\14692a0407821da0b5e3fb9fcfdb0bd3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5534.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1720

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
- Modifies registry class
PID:5112

C:\Users\Admin\AppData\Local\Temp\55C1.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\55C1.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe55C2.tmp"
1⤵
- Executes dropped EXE
PID:640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
- Modifies registry class
PID:1916

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 14692a0407821da0b5e3fb9fcfdb0bd3.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5534.tmp\vir.bat

Filesize
1KB

MD5
c38988289f96edf1c560611377d7a99d

SHA1
a3a5ed7f46c97327392854be4109322f6b9e50d8

SHA256
7d8a589aa280d38483983a745fe7df51ed0c8bacb9309079d4209489fc5708f7

SHA512
b40c1e14c76d2e6d06afc354d3394a3b68ec8ee626be0d4c64ff5857b1459128e43bac77d19937413be3bf96cca7ae9cc6b5b981d1c21bc26773672d2bc206e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe55C2.tmp

Filesize
41KB

MD5
bac68e690b1c14dba6029b68bf6485e0

SHA1
911ac3beb4e166a4fd3e263787175b257a8a2125

SHA256
45422da2885226ab32d568f8155b68c173675a7a5ca058f1e75feddc5229348d

SHA512
6ab4ded492eb5c594ba5a0da0eb0f6f812b459de500b9111264276e6eadaefd58e470abb2bebd4c044b689dddd08a919a947417f53d246e4547befc859f5d34a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe55C2.tmp

Filesize
41KB

MD5
29b2a8db4c703b1584bc3124f5b57d44

SHA1
a10ecf729771e1a37b19371f4eafa800f1be78e7

SHA256
8e0e411aeb99649db9b4328f3c8ed9f2007ef8b8803b8d37faf9e67fb2b74371

SHA512
b02d1e84c204df4ccd79dd18f26a8c53204b528df9abce14e1b3c80e7f22692d82de10eb3959dddcf8e3f87ce06ee601e075905e57b59b90a344a43923a0ce6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
77ba6153827a203577b5d79c941e801c

SHA1
6deb4bdee67f4fb1a01ffa702e7941220c00f5a0

SHA256
7df73edded92f9b3f8e0639a4acaac72fdee2358eb0325e5cd66b23b44ce9bf7

SHA512
65d6b016a9109dc3358f7952fef0eb520a79a3084cb6da4f30558ebfeaf127f046408366452b178f43fd75d5a077118301326899f0207ed38b96310273824ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
384KB

MD5
24dfc4c9e007f2583b956d3ad07de800

SHA1
0b55c60ceb419e2fca38ec401fd143fed0cc58ee

SHA256
96696051cd5f06b05353731d5524b3d828259fffe0d9237407776efef7e6ac54

SHA512
282767a6486d42ffed096909fef64086d55ad28bb35cee37da5bc2e573d608342e5bd85eed6c8c330c84df02a1aaf4aea95df870d506d1e0cc35e551d80b39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
fb20c9a232876ae6676f4e60eba4f1e9

SHA1
7bef9cca9dff7cf3f28702acc22fd215b288bbfd

SHA256
e440b0a9997480e26d53a91ad3ded3aa1f8e3359f04e583dfe30a69ad497aa83

SHA512
49de1796caae45cabf07f942c85b6f724869a4e5c3d9bed259a9ac6465a190d1995eaf066e93e9cd9eb6115db0e705f6605661894bfd805a0df779271f83ad70

Download Submit
memory/640-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/640-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3716-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3716-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3716-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads