6281f8cabda201271b1bbf10c726fe3caccb39ed1b076704cab95e9705ff8198

Analysis

max time kernel
162s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe
Size

209KB
MD5

37adaa4ac1d2ba76bc09cb1d01e7d7cf
SHA1

c480c010ff007501e36243940285ea9a43591ed9
SHA256

6281f8cabda201271b1bbf10c726fe3caccb39ed1b076704cab95e9705ff8198
SHA512

6751073155c70770ba30413b424bb2322027aebeb4c5b5c0d53c7ecde8c96bb0979c89f33e2077903e8cd7fc3495c7b3f1c68787e098cb370c6fefb23438478e
SSDEEP

6144:IlZ63S51u14YpDCiOig5r0/aDBblhzcJa9h:syS/u1xDX0ySbcJA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
456	u.dll
4984	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 4844	880	37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe	94
PID 880 wrote to memory of 4844	880	37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe	94
PID 880 wrote to memory of 4844	880	37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe	94
PID 4844 wrote to memory of 456	4844	cmd.exe	95
PID 4844 wrote to memory of 456	4844	cmd.exe	95
PID 4844 wrote to memory of 456	4844	cmd.exe	95
PID 456 wrote to memory of 4984	456	u.dll	96
PID 456 wrote to memory of 4984	456	u.dll	96
PID 456 wrote to memory of 4984	456	u.dll	96

C:\Users\Admin\AppData\Local\Temp\37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe
"C:\Users\Admin\AppData\Local\Temp\37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D92A.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 37adaa4ac1d2ba76bc09cb1d01e7d7cf.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\DBD9.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\DBD9.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeDBDA.tmp"
      4⤵
      Executes dropped EXE
      PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D92A.tmp\vir.bat

Filesize
1KB

MD5
b14e3227dc32874161ffffb2a57cdb00

SHA1
c994fc8375d4d5c1e6d43098af544d42a89be77d

SHA256
011b029a13ac77dd231ff6a6ac1e1d45a3a3c31ae8af701b09002657b2baca38

SHA512
63b907a0257c29fe21e8f79b2eb84ee35fcd1de3e93a33699444dddccfb8d5ef6b9af275a473a30c32a71cc6df34ab47f55c1f46bf9f3c0a2fe633927dea1a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DBD9.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDBDA.tmp

Filesize
41KB

MD5
700e79358492de07a8717cf20ca2f14a

SHA1
f1be4ae88571a56004d75b9f1dcb89f964122f0c

SHA256
9d57f4e84ec5af01bc1f8bb36428febdb1ee8445ae6e87fbc0c632e1db409706

SHA512
e4b03ce6a0fea1e418bf9f9e9edda706f2c469120f9230ce3b8df30cbc5347639c2b51f60e598240a7c407340af8aabae27ae9fa4ccf74c4c1efa44878bcf039

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDBDA.tmp

Filesize
741KB

MD5
c1c3b65cb1fcbdf5e3ead44f9ee326f6

SHA1
5115a3bf029f5e6184740b98a9a2fa36af3a3b1e

SHA256
60a05f0030abfb2ee3938389108c5510d56e7f188b6a302258c070b3e9662dc9

SHA512
ca2434d8ed85f5f9809fc452e6b863127177ba0ea05251538e74ad2fe9ee0338c388c0e4164d44ddb872e642afe4a5661728e73062d50588d202db1f9555e615

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDBDA.tmp

Filesize
735KB

MD5
f5af9b8e9e3f781b9b407998bff3581b

SHA1
b56ddc247890eb9628cbfd426dec62c40e890d21

SHA256
9b5b10852960303fd3ce518ccf04077d5475cbd078a28b7367be359af433a84e

SHA512
7ab7ad5e924123c746c97ad976e02f10defd5077c89e335c0387e9bccfb733de5a513204d4d9135072a3f04106b83b7ffddb9c1a4e634e1efacf8ad1601b7ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeDBDA.tmp

Filesize
207KB

MD5
956fd6cd530cdc1d26c1d7633786442e

SHA1
f9d2d9e64dbdaaad1ff9cbfb9dfbbbad33cdccd3

SHA256
c44a45a352a37efbc22adac99a462b2f119aa39a44343a973683fa37c132414a

SHA512
c33eb5dcf1d7fff2fc129d45a060abdacd4dcf7956b23d4f8c04b1dd23d3644d8a900f12cbe94093f60bf76330f3b968d2a2ac94f6b5dc8c40d303a6de186989

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
438KB

MD5
3aaff35f9e01f47aea29a92d2982bf49

SHA1
ff4f90c03b839cb063943805aa3b02bd54ee0137

SHA256
8ca44dc22fd72abe3d8cda6e56fbc6da63dc4ceb63e31e5d110e2fad8f13e4c3

SHA512
e8fb3052b77aa80ed14266e940c8515f9baf85ca8c04f3408a2cfaa56f5151c339097732882d15c8f3ebabda951e13dbd702dd271bbf2ac47354dc93ae25c85b

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
435KB

MD5
62fd116015bc563ce217e80ee79fe436

SHA1
0f7fc614e08806d99b3a680b5d90b191acddd939

SHA256
1ffea8038b17cf7799cc99fe1ce7620a6155cc02d4b09a7b74e62793c6bd3ba2

SHA512
52d0c3165efbd2e1846170391420e528ec7c9c21cbebe476acefa42c6541dbe1c218aac48b7cb26df5a23b98fbcdaece8c12a5209f060cd502bc488c93642ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
412KB

MD5
2d27412bb3e7e61f44ef325d43900812

SHA1
b2c589ae2065fbfb9f0c7ebf1fe6de0439585d25

SHA256
67c4a1bce4159e649981a5b68e75873d0fe7fcaa4f6dc44e8ef7410b237541cd

SHA512
447d3bbc594c5149fce0ddc65f447fb86887eb196399f6def37b072ed11e6d07711dea5d57dc652b6b47f15a7eb4e6dcfe5cf16ea66256c20efed2d0303551f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
495KB

MD5
1787121b8c4d978359fca9a268f919e2

SHA1
1af48291d8a06808e9a024dfb42d68d000bf943a

SHA256
ffabb16227c805249eaedf2e9842bad60cf5a9ee3c95a208279ecffa92943cd8

SHA512
20ce9b47875c0d526c6dc44a23c7363ee19d36bb30310063a5091ffae7b15b4f7a3d56a4c38d11bf15280c86efa4d4ca8c27e936a9e842154ebe87c2fc19cc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
5a868b0eac7d56f61beb7727a875b61c

SHA1
3b602b3d7098c8cb51088d6a157b94615dc0509d

SHA256
7c1e009e963c5664bf4d94c52eee3c4dfd11b73a9931a25120f2a0866ffff534

SHA512
824040f56830507c4d85902244955aee438ddb10f757b75c54c93b90285b51eb4596a7e16c9f7f571f6425b75c66e1bbeab42f15104ae6d1a458a7e117d1cf45

Download Submit
memory/880-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/880-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/880-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4984-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4984-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads