51a2a7cd3b67e62bb47545f746ea8b31fccbbeba453ed727ff8c6ba4b9608506

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a340e02387459453d889f2e8bfbc96c.exe
Size

212KB
MD5

2a340e02387459453d889f2e8bfbc96c
SHA1

3d911c9f07b35f7aa9c782e148984740f29b7e6f
SHA256

51a2a7cd3b67e62bb47545f746ea8b31fccbbeba453ed727ff8c6ba4b9608506
SHA512

d799d907d0b4791858465fc24c98550364f017a6b3c5ded71b273c4a5ceab5f3cfdae9456a667e40e6fbaeb78afcfb79f75f021907d7fef96d91c4c53cc64fd8
SSDEEP

6144:slpTBr0JxRt2djT6dRyK+KdYhjnShGkRc:wFOx0jmDd6jShGkR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
396	u.dll
488	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4072	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 896	1860	2a340e02387459453d889f2e8bfbc96c.exe	91
PID 1860 wrote to memory of 896	1860	2a340e02387459453d889f2e8bfbc96c.exe	91
PID 1860 wrote to memory of 896	1860	2a340e02387459453d889f2e8bfbc96c.exe	91
PID 896 wrote to memory of 396	896	cmd.exe	92
PID 896 wrote to memory of 396	896	cmd.exe	92
PID 896 wrote to memory of 396	896	cmd.exe	92
PID 396 wrote to memory of 488	396	u.dll	94
PID 396 wrote to memory of 488	396	u.dll	94
PID 396 wrote to memory of 488	396	u.dll	94
PID 896 wrote to memory of 2124	896	cmd.exe	95
PID 896 wrote to memory of 2124	896	cmd.exe	95
PID 896 wrote to memory of 2124	896	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\2a340e02387459453d889f2e8bfbc96c.exe
"C:\Users\Admin\AppData\Local\Temp\2a340e02387459453d889f2e8bfbc96c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6E2B.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 2a340e02387459453d889f2e8bfbc96c.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\7109.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\7109.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe710A.tmp"
      4⤵
      Executes dropped EXE
      PID:488
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6E2B.tmp\vir.bat

Filesize
763B

MD5
9487760f28c48bc5dc4713912d67d97a

SHA1
71f48e61664f4c0624f7904197e5909643ff682c

SHA256
2b0fb81763a09ba485f1c9858fb6d3928a4767089c48f6905f6e0108a8c7a4e4

SHA512
54ba2dcb3fc85e83d4a7bc7c77afc1721565e614e94a39d4c8f6fa9173517cffbbd1614ae3595f7015b32a7d08fef39a2614fbfe9930e5e1397a701ea5d6e983

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
58KB

MD5
f28c1a4db707cebda85f85b46fc6ffe2

SHA1
7a4d12e12565cd9a3d1ab5e6ba9703eaab92ad73

SHA256
b59d4210b0266cb4ab1e737d06439bdb80924541da3273f7f294d83fc91d021c

SHA512
5a66c3d3925558d48331d431a216cbd3fe52067322e877ba79a39a00ee04338593b2d332c12a4e7f4406da2ee3a962bb1f1fc74306d474cb3a1413854f300e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
memory/488-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/488-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1860-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1860-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1860-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads