55624cfedd0b30008dd3fd95e69eaf4edc4cf1870c5031a0c7aff8cf971f07cc

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37b277aecf566b4de689160b1bcc3e2f.exe
Size

209KB
MD5

37b277aecf566b4de689160b1bcc3e2f
SHA1

067e5aec1ddfb45a0309163f5f3220238d307ad1
SHA256

55624cfedd0b30008dd3fd95e69eaf4edc4cf1870c5031a0c7aff8cf971f07cc
SHA512

fed1a316dce7e55ff5646dd32573283a14ea4e6abfe48279810dab0c63a7a7f85b791236138ed070d1b367034c4ae602a324c3088a13967cf5facab4d42e7630
SSDEEP

3072:gligYAhDzik2u+jeSLvWtpAl6IB4BkFBzra/xKw2kuupFx3qv/XoIGVoriX6JxJ9:gli51kWqovWtSPBMkwggMoIkoriX6J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2192	u.dll
2832	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4708	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 3592	1624	37b277aecf566b4de689160b1bcc3e2f.exe	87
PID 1624 wrote to memory of 3592	1624	37b277aecf566b4de689160b1bcc3e2f.exe	87
PID 1624 wrote to memory of 3592	1624	37b277aecf566b4de689160b1bcc3e2f.exe	87
PID 3592 wrote to memory of 2192	3592	cmd.exe	88
PID 3592 wrote to memory of 2192	3592	cmd.exe	88
PID 3592 wrote to memory of 2192	3592	cmd.exe	88
PID 2192 wrote to memory of 2832	2192	u.dll	92
PID 2192 wrote to memory of 2832	2192	u.dll	92
PID 2192 wrote to memory of 2832	2192	u.dll	92
PID 3592 wrote to memory of 1128	3592	cmd.exe	93
PID 3592 wrote to memory of 1128	3592	cmd.exe	93
PID 3592 wrote to memory of 1128	3592	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\37b277aecf566b4de689160b1bcc3e2f.exe
"C:\Users\Admin\AppData\Local\Temp\37b277aecf566b4de689160b1bcc3e2f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\40F1.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 37b277aecf566b4de689160b1bcc3e2f.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\414F.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\414F.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4150.tmp"
      4⤵
      Executes dropped EXE
      PID:2832
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:1128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\40F1.tmp\vir.bat

Filesize
2KB

MD5
b68178b9579f822050593a8da062aca8

SHA1
80e7d4119900db4047f99feffd43286f9e9c4c93

SHA256
66c6d42387cc36db84bcf42563d1ceca66130d92dfbe5d748ee3ef4e0c318f21

SHA512
39c0da83ac27a0d2c1183a762315f5fde5eaaddc3a666c5c16af34abbf51cad16f678114ec0ff34a0ed4282c2698ded4424d036667ea578182bad6a37ba420b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\414F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4150.tmp

Filesize
41KB

MD5
44493eae9f204d6fe939904248ac4b28

SHA1
6c610ef09dd364eb4c9e39991618e12de0952ec7

SHA256
73e81e651d08e65cedff41671dc4628da73d3a0a0e9a4b511ff56090f15bd3e9

SHA512
973014df9f093d47f82d3d0a5fe40a1a2e0adb476d3afda0858e06be818aaaef0800183d8d63677817e17d8189c546af5087b247f3f18cb2ee068f519e9e37e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4150.tmp

Filesize
24KB

MD5
8ffcc4b37f716f45760b7b9bb0642fcb

SHA1
b66786e4ba7d4a302f9419da28808936bb094a41

SHA256
09b167feac3844527e88d7533a888a90556e0fc06b8d40526e89b6edb44e79c8

SHA512
a816c45f9e2245c468e85e53ed6ea086864ee95d5898e053ec666c36ae9bd13f9930db80437c645d03c519457ff288a5f3eb1d2ecef53becb1b8b1eb1015b08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
364KB

MD5
7049b9bd09a62a0a6de897430986c137

SHA1
d08957f0d9c1cb5dd9e4d2798269754c5ad6e3e2

SHA256
89ae446a28d9d355ed361d200f86680c75c5fef6da780e27a43c5e3799449333

SHA512
3e9b7adb720de2d721336312627c5442217fec31f06d24c35d9ec669b84bf8819927b728ee020dafb2a36f50de490da8fd430ff8f460e97ccddbca610a9e45c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
256KB

MD5
0594d4d42ca5f84cd02a785992b3e99a

SHA1
ce41ca98c477505bc15344ddf557b94650feb5b2

SHA256
e8b38521657ab3ee51a692f2eec574926830aae04bb521f1ca3185e3156b8a24

SHA512
9f60f29ba79d393f2e869b7cc526f11eda2dda0e64b684d2097813d77c2115e875113497c82893e280391c9b17fda31692496515d2559bade6276a52966d5945

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
293KB

MD5
6ef63ae491a9e13e797afe3c3a019a44

SHA1
f1895485f96fb61fa1357eb6acdffce2eb83b7c4

SHA256
7e6fc3e1d1454c133b18d4138f6063f1f4b4155ddff5f2db3bd6baa2fadebbfe

SHA512
50d605048392bdd26ad7c3177d1fd5ac56e1efad0de4013c3d437200764112d6db69c9acdec3097a6f8893f32346e062765f10933a22893d5c1be2fb4392a419

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
288KB

MD5
5b96a6f79276bd74f41748c8c6736044

SHA1
8f9443b6e8aefadb77702563acafeae8528833e3

SHA256
c564bdd790e14a39a0f0a7184148b8649f39c4e1fe13efcfde98e959a3ca28d7

SHA512
589a79ffcf9b91077fe9dbdce4a32c383bb39b973519220aa18f78c5614f3db7b91e198d6b7533223e59df12fc0e3315eb7473ae5ee7463478be962cf0b5cb18

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
37520b07dcd4b86b9f30236a8afa984b

SHA1
e43ac2c8b6b9a55806e64a6ab04e670367df9aba

SHA256
2ad4e47b05132a8e22c65a65e4cd7da925f20aaec1005e1653988b390f0448ef

SHA512
d378700fd5dc7fb409ad995444f28c4263df64a6f4c78ddac3f4084894821416c9d9e960a26c6088b06df1db64142f73d88944dbb4a3522bd30f68b0c93e0152

Download Submit
memory/1624-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1624-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1624-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2832-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2832-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads