5b3fb62b787b9efecaf0d303f2254183023755d4f84cfd5e9bffae125501b5bc

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39d9c097cdfd58c11731b9e8eb93e2a4.exe
Size

208KB
MD5

39d9c097cdfd58c11731b9e8eb93e2a4
SHA1

a03848c939f6ceaf97a36d32aaf81cd99d4d103a
SHA256

5b3fb62b787b9efecaf0d303f2254183023755d4f84cfd5e9bffae125501b5bc
SHA512

5017171964a6556ffc0089f31b3c7a13c38792cee33968ed5da9093e879800f6ed3b2da8a63ddcb7b02a7664557ce08ecbe28bb1f0a1fcbd647fd48f765e2360
SSDEEP

6144:WlGRgXm15iuwuXlcnC0yA9jMApcA2x8RfDazjS1sFvsJv3pK6X:fv1HYC0yA1M61uABsFvsBpZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1996	u.dll
4412	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2776	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 4788	628	39d9c097cdfd58c11731b9e8eb93e2a4.exe	45
PID 628 wrote to memory of 4788	628	39d9c097cdfd58c11731b9e8eb93e2a4.exe	45
PID 628 wrote to memory of 4788	628	39d9c097cdfd58c11731b9e8eb93e2a4.exe	45
PID 4788 wrote to memory of 1996	4788	cmd.exe	46
PID 4788 wrote to memory of 1996	4788	cmd.exe	46
PID 4788 wrote to memory of 1996	4788	cmd.exe	46
PID 1996 wrote to memory of 4412	1996	u.dll	56
PID 1996 wrote to memory of 4412	1996	u.dll	56
PID 1996 wrote to memory of 4412	1996	u.dll	56
PID 4788 wrote to memory of 4088	4788	cmd.exe	57
PID 4788 wrote to memory of 4088	4788	cmd.exe	57
PID 4788 wrote to memory of 4088	4788	cmd.exe	57

C:\Users\Admin\AppData\Local\Temp\39d9c097cdfd58c11731b9e8eb93e2a4.exe
"C:\Users\Admin\AppData\Local\Temp\39d9c097cdfd58c11731b9e8eb93e2a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\497C.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 39d9c097cdfd58c11731b9e8eb93e2a4.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\49DA.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\49DA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe49DB.tmp"
      4⤵
      Executes dropped EXE
      PID:4412
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\497C.tmp\vir.bat

Filesize
1KB

MD5
57e2eb45f92dc73751b13955449b41c0

SHA1
c0f0a981af745a6547b23e0f981dd9adc6406bb6

SHA256
8e07d80fcc1fac202bf7cd622576a5d432794a26f2368acd9c8be19f05548dce

SHA512
719c5faf33af3e3c46494d0c157db5f21fab71ee64f18acc064700d2dab15a1e4a723dd5a23c2df738ab77656cfbcb8835cfa358990e5ad0b0150423a457ab43

Download Submit
C:\Users\Admin\AppData\Local\Temp\49DA.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe49DB.tmp

Filesize
41KB

MD5
4d1c4e637e66e3aee050194ee149b1ae

SHA1
542aab9bf825e8cbb8afc946b8fe555ea402a413

SHA256
ba3591ba0a42bd2556af093af3beb685383b239570a459d00ad9ff0747851e25

SHA512
801010a3a79285d26a7ecd84928b7e24de7adab6ad67d2d2ebc81a5639a6b9ea9f0f5cb087e1dfbda5a9cfa031bc2f1798f18d688a7cfc600cb9cde670862011

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe49DB.tmp

Filesize
24KB

MD5
eea12ffa949b5ad5f71e4a086a674c35

SHA1
c2a96e443b72a2869f2e9425aa775680f4cb2d72

SHA256
b984ba079f06f412c63ad35289400e640e26c8df67ee58975d8822a55cf24341

SHA512
6e078d975011f04ceee3f95ffaf3b13d00532b869d4305a153efa6d4c7bf8413cf7d353e1f0edf07bd982a72e9a5740c6e7bd0250c532cb7eb24a49e6fc02c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
32KB

MD5
25c1475bf6cca689fa8c2b0ce7150099

SHA1
b7ee32bb7b726853533abdc369394e91aa9bbd38

SHA256
0a8eaaf1698baec8e97d8d52e9df28dea6100d10866b452f8d135b18de625aa1

SHA512
9a8d6fb80cd7a7422db504b7f4599e756e4614acd0b9a2b4f51b74961be0424686deb9c17ab570b8502e775c6b64fbb3e1cae8587ff14380dc3125f8fce6c7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
625KB

MD5
077d5e5586f3f038e3c0511277702899

SHA1
abdf056febd0d0392c448fdeffc6a14549ebf4c0

SHA256
ba5db62a282c4ccd6a4a2e405754b67020d826061a3c7892bc088db8b2df6738

SHA512
bd6be6ac7a5db41db334d6256295f137c634374e8fde72c9b7bc7bce3353488239b843c03645ed12f0f44e634af8eed670956146deefcdd2df68ac7586996d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
636KB

MD5
369ef198ef68515aaf114f1ef901f788

SHA1
6ea55c0acb1de5c7752ac41069e09638c9f63e3c

SHA256
bad62de725130a5a48854c6d8573627227a6e62a3eeb84b6ecb90667dc7d862f

SHA512
89bfb392fefd63ceb4c484a0eb832c178d1577c364d4f870509e9e36c3367bf8560975156a227a2573889690240935cd18a5be6f15ecf3e5e63fbf6efa1475a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
537KB

MD5
6d6e278410aba9dd5b10afc64b59dc35

SHA1
532b802d7b55f8babe92b5a73d16d782640b4304

SHA256
35d2316e82af05e322b9158e6fb4fd31caffa7a9976fbb18aadad7c21303f0de

SHA512
0d307f02379f7e2f5453b13e38bfd0eccce7585d011c3309186b912733fe15933955540443ce40836b3c218a92fcb0cdc28f2cf3b5ea331c74e1ea74e5b7360a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
afccc0b3f9cfec15560a4ac0fcb43973

SHA1
2222ebddfb22c4fbc2b3ed2f0295a4e144383e04

SHA256
152ec8d6092dc059535e96eaab2e0b05a59f09926ef1ad4161ed537099d6f2c3

SHA512
1c73bc6b5c10d9309c79f20c447237e2e6c1da37c398ed8953e3af157b6af307f291d4a16aabe0cf5c6f9b00b02ce06a5069c30dbdc7627ffcb9973c3e6c7e9a

Download Submit
memory/628-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/628-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/628-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4412-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4412-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads