7fed0c3de687fea710119b6849fcd89867cb0d2bcdbc7afd80c2afe865e03cb2

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ba3714f0e5efa0ed6e0e1c272e890ff.exe
Size

209KB
MD5

4ba3714f0e5efa0ed6e0e1c272e890ff
SHA1

de90ba78169c284699d3760b81473ddcec89b82e
SHA256

7fed0c3de687fea710119b6849fcd89867cb0d2bcdbc7afd80c2afe865e03cb2
SHA512

4c8c5afab47e47b1323d76e0e1b2152f063e94bc9a5da5d7aee594a4d1cbeecfceb513686167ab7ae58307ebd97d48797dac81b5ad399609df5f066496068cdc
SSDEEP

6144:ml0n6au2obDzhvawZJo05PNn4c0ra2xJmVGCW:xn6au3vs0/hGvJmhW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1012	u.dll
4528	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4492	OpenWith.exe
4976	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 2368	828	4ba3714f0e5efa0ed6e0e1c272e890ff.exe	90
PID 828 wrote to memory of 2368	828	4ba3714f0e5efa0ed6e0e1c272e890ff.exe	90
PID 828 wrote to memory of 2368	828	4ba3714f0e5efa0ed6e0e1c272e890ff.exe	90
PID 2368 wrote to memory of 1012	2368	cmd.exe	93
PID 2368 wrote to memory of 1012	2368	cmd.exe	93
PID 2368 wrote to memory of 1012	2368	cmd.exe	93
PID 1012 wrote to memory of 4528	1012	u.dll	94
PID 1012 wrote to memory of 4528	1012	u.dll	94
PID 1012 wrote to memory of 4528	1012	u.dll	94
PID 2368 wrote to memory of 1924	2368	cmd.exe	95
PID 2368 wrote to memory of 1924	2368	cmd.exe	95
PID 2368 wrote to memory of 1924	2368	cmd.exe	95
PID 2368 wrote to memory of 872	2368	cmd.exe	97
PID 2368 wrote to memory of 872	2368	cmd.exe	97
PID 2368 wrote to memory of 872	2368	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\4ba3714f0e5efa0ed6e0e1c272e890ff.exe
"C:\Users\Admin\AppData\Local\Temp\4ba3714f0e5efa0ed6e0e1c272e890ff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 4ba3714f0e5efa0ed6e0e1c272e890ff.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\3C2E.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3C2E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3C2F.tmp"
      4⤵
      Executes dropped EXE
      PID:4528
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:1924
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3BC1.tmp\vir.bat

Filesize
1KB

MD5
b1027952e7fff7c0a8a3743cae060a42

SHA1
7d1b8241d5db14d8b4a69228ec1f1670032a3d5b

SHA256
f3ad9a9ce576d45c964e1842f53770a9bb6a7460eded521c985e0c6ae3154a7c

SHA512
2dc7231e38337da09a100daaa56c33b17f418407dcaa8662e8276c6e02d617dff554def71cf49e23fff19a88054bc984bec54a76334d262ede323c94d3aa74ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\3C2E.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3C2F.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3C2F.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
28KB

MD5
9081c6098ff70cf583beeb823ed1c0a6

SHA1
59f29fea38c4f022704df2b3ac68fc17a26f5672

SHA256
7769a4ba2ee98fdf040fad0e4331571b3ad50c04970ec9ef93bf8932ca9681d2

SHA512
f727b1dbb9890cfab6fe00a63baf2f19d452ee0d4493f68b2c48f824210809d4131c72379819d91a07b18132852f48cd71b55bfb8a6459e1eb3c51bee1f4096a

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
317KB

MD5
dcef75711d64ccb6d20faa625efd06b8

SHA1
ff7a49537e7eec30a11d205e975365f526fb28e1

SHA256
d1f3c4ac07746c52cb5fd92dda139533af32b7635a67a06e46ec9ad1a0296e7d

SHA512
66b46b9f4b10eb6d14880892e6f193cfcff40a35e481ead3e0e7d3555cc0b12d0c3334a4d5c2caa11ebd693a9352d97f2c81911b97548b2a66679dcaaa82ecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
396KB

MD5
0eb08f523f52bbc7e9a7d67914b5b597

SHA1
e99ead9bedc0479e49f9687f5e9c228c7119ce7e

SHA256
ad0ab38df768da86cab9850dc738004db526bf1ac7a09e50ecb937a568f2e4a2

SHA512
a4f858de1b9087294c75be887ff80e3c8e944196a9f207d40b05d3b4c9713114cdde1639b759030bdffdd499c2f8d173dd3f42e76eca4cac15049e02108885c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
49KB

MD5
7902d85db5fdc6affe0eee24b4c886e2

SHA1
32d8d04b382b87f47bde1748ce8533ae34b2f858

SHA256
935accdbd4df25fab509cabf7b1778af29a1b68d1211259fcf52a7137c0125a4

SHA512
a0244a6e3aac802c2b89bb49fc908a1631436beb0ec8a9af73543e287720601f587ef95e18ca41d968036e9a47666795fc409e7477a64ebbdc929e180ca2d0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
2d987f6708ee156f8f3e9c55d24116c0

SHA1
d64b1840c170b738ac104d6f7b1dc5bb44bdd845

SHA256
0c0fd1195b100b0e9dcfae5d7dee9236cfc2318bd911358ff247e7bb1ff5e0b8

SHA512
d8169beff34a4a3bdf29086f378ee7539f6c86f37fceadf0362294c8ce1b2e7537e75d886a786fa194e07a0117eb44eeb70a73d064f20d3cd8bf8a06c606f7bc

Download Submit
memory/828-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/828-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/828-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4528-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4528-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads