837c1eba7c33e55e7f59f2b44114209f494be5023fcf6c5e881faeebb5a4a3fd

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

473ce7b9ecd007143bf550a7aa8622da.exe
Size

208KB
MD5

473ce7b9ecd007143bf550a7aa8622da
SHA1

32f7af028c7a294cf9182094caed8f850d001e99
SHA256

837c1eba7c33e55e7f59f2b44114209f494be5023fcf6c5e881faeebb5a4a3fd
SHA512

3fe69f3452a4408e12a5d8e9b37a386d14c31831be89e24429377b2efea18242f5911d86dab54d3719f1059651d7ab71822cca2b0a923fcf4c9e81f51ec099bf
SSDEEP

6144:wlH4lAZOn/4a3HaDPi2RecjkJijDBSlBBMlS0xF+lQj3BxsvK:UauOnAa36DPi0ec8MDkBSE0zVyK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1236	u.dll
452	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1872	OpenWith.exe
4920	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2584	1152	473ce7b9ecd007143bf550a7aa8622da.exe	96
PID 1152 wrote to memory of 2584	1152	473ce7b9ecd007143bf550a7aa8622da.exe	96
PID 1152 wrote to memory of 2584	1152	473ce7b9ecd007143bf550a7aa8622da.exe	96
PID 2584 wrote to memory of 1236	2584	cmd.exe	94
PID 2584 wrote to memory of 1236	2584	cmd.exe	94
PID 2584 wrote to memory of 1236	2584	cmd.exe	94
PID 1236 wrote to memory of 452	1236	u.dll	93
PID 1236 wrote to memory of 452	1236	u.dll	93
PID 1236 wrote to memory of 452	1236	u.dll	93
PID 2584 wrote to memory of 1912	2584	cmd.exe	95
PID 2584 wrote to memory of 1912	2584	cmd.exe	95
PID 2584 wrote to memory of 1912	2584	cmd.exe	95
PID 2584 wrote to memory of 1532	2584	cmd.exe	98
PID 2584 wrote to memory of 1532	2584	cmd.exe	98
PID 2584 wrote to memory of 1532	2584	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\473ce7b9ecd007143bf550a7aa8622da.exe
"C:\Users\Admin\AppData\Local\Temp\473ce7b9ecd007143bf550a7aa8622da.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\38E2.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:1532

C:\Users\Admin\AppData\Local\Temp\3930.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\3930.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3931.tmp"
1⤵
- Executes dropped EXE
PID:452

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 473ce7b9ecd007143bf550a7aa8622da.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1236

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
- Modifies registry class
PID:1912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\38E2.tmp\vir.bat

Filesize
1KB

MD5
b6e403fdc9f51c41d368e6d78316db48

SHA1
88cc560ecd29c5f43c9d4f1326fd459fd1e17f6d

SHA256
77a6dea462bf1c93d18938e78045cd2ac160e72d6d884f4f8ef4af29c098cdff

SHA512
c1dbd0aa637c28ab1c9c37457ee523bfa35011c9f201e0ffe0e30763d33c6f42c925ed7ab5d10399e93df52c12b066da6a872ca3597d71147208ce10fd96c7ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
863c312b1e74b57dc2d01a1370684ff3

SHA1
39175536b2783f4b3d70cb29d3352388cfebbcac

SHA256
33c2b1a19a8b31cd969ee88acebba54c9af73d4a8633becfa609e067909db33a

SHA512
d6dcd4968bd18b3483f7fb6a63b9640d8d3f3fc63bccd5c0ba294c1f09fc9b6bcb4fae815682d5800f7acf34fdadd2ec54be7d728d754a46b9cdb2362b3fa76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
93KB

MD5
ec3db92301aa424c7a530a4d539a7f37

SHA1
ce848672ac400bb50fb7ef6dfbb0f92f3b41d65c

SHA256
6a9bad795d66771f71f44ef3200af4939ff91cbf757aece23ef677e08b63eebc

SHA512
a6cbd9adaa09737eccce6876531aa59b43b945bcf0ec2b97645f98377061eec725bb7bc678bc7ec16cbf2ba1dcac118a382c0746846cfffde0fdc349331b6b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
memory/452-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/452-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1152-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1152-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1152-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads