167ee6cffd99c43a52c901bc84d844754f787ebf0a2d6b74ffad5546be40c08d

Analysis

max time kernel
1s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

531f330dd3e3a33973c6a0cf487ace41.exe
Size

209KB
MD5

531f330dd3e3a33973c6a0cf487ace41
SHA1

66620800b40436ba6fbc80e2dfa3943570c1d443
SHA256

167ee6cffd99c43a52c901bc84d844754f787ebf0a2d6b74ffad5546be40c08d
SHA512

d844bcefeb487afd865113572f9803125ea77fb5d1df2013e84d322e0955171647b90bf20febc4b845fab1575e023e0a66f8217d8a7192f3ffe9538a41b16025
SSDEEP

6144:slkXVq0hy7Wwdk+fK1DiLuS5Zk7Sb6WiMzM5L:vXVyWwdkb1Q5Sp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2108	u.dll
4136	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 3428	4556	531f330dd3e3a33973c6a0cf487ace41.exe	98
PID 4556 wrote to memory of 3428	4556	531f330dd3e3a33973c6a0cf487ace41.exe	98
PID 4556 wrote to memory of 3428	4556	531f330dd3e3a33973c6a0cf487ace41.exe	98
PID 3428 wrote to memory of 2108	3428	cmd.exe	89
PID 3428 wrote to memory of 2108	3428	cmd.exe	89
PID 3428 wrote to memory of 2108	3428	cmd.exe	89
PID 2108 wrote to memory of 4136	2108	u.dll	92
PID 2108 wrote to memory of 4136	2108	u.dll	92
PID 2108 wrote to memory of 4136	2108	u.dll	92
PID 3428 wrote to memory of 2828	3428	cmd.exe	93
PID 3428 wrote to memory of 2828	3428	cmd.exe	93
PID 3428 wrote to memory of 2828	3428	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\531f330dd3e3a33973c6a0cf487ace41.exe
"C:\Users\Admin\AppData\Local\Temp\531f330dd3e3a33973c6a0cf487ace41.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4A19.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3428

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 531f330dd3e3a33973c6a0cf487ace41.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\4A76.tmp\mpress.exe
  "C:\Users\Admin\AppData\Local\Temp\4A76.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4A77.tmp"
  2⤵
  - Executes dropped EXE
  PID:4136

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
PID:2828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2872

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
PID:5072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4A19.tmp\vir.bat

Filesize
1KB

MD5
bcb4b17993b756d7ffb560fba831c104

SHA1
f669b552e3c4a4569054dc59be1669325e1a68ce

SHA256
6cb2588af3406f3adf7398c209b606a6eb796b68459f61ee1efa558017bc7223

SHA512
7d20766a94d353c588283a537e88ec99810ec67d9e3fb24d7c288e8c0c979f0318223bb16dc46ddcccf401cdc371e5ab786ceae0ef189073fddc4f1a00d95532

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A76.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4A77.tmp

Filesize
41KB

MD5
863c72510f3c30b4e2cd208090af8b92

SHA1
3c5a6732c904ba8c3004e257d5008beb5311b7af

SHA256
87454715574db5716ae855a6dd5a09f80a0ce0adba4699b485dc3152dc3ce544

SHA512
d7356b3561c3a8e84cc004d3852e3f8562023e4819e9e07e52b3fbdbb5645c64f9a436bcaea55b24e0fdd231b16d0941ad027db9870230db38a0ca81985d452b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr4B51.tmp

Filesize
24KB

MD5
f680e9ae05faa8f515979455a15d34a8

SHA1
474bcbb3309059e5950ec06a370d42e290eefda8

SHA256
def67e83cf64e184ac206e4c7445ecf4151932bd2d05adb0623c014d94565093

SHA512
b9b403b2890005628fb1a1a90a5fb96d164bfe7605f180063000161fe7a2b8065589ba9934cb07233a84d169987c14b541deef3e7f896929e70a5724233eb413

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
e4127ceb5db948172fd241be25b36358

SHA1
5a01fa3772c6d27630d50c73fadac9508780c51a

SHA256
f3e8cd29180b07115d0d33a3ecf0c542da05680aee99971aa7e9bd2423597f70

SHA512
13dd5db60d2faeaee632b62a3c92b323215931250ed8a1513a0af9b92c335dbf4b6c458e266bc08431eccff36256203dc81488e6f83185bdee737eed1a82883d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
5f5b0dc8d3fedfb355c2edae79f82796

SHA1
8055d1591519c7577b030060e6d6870109f8904e

SHA256
7acb74ea0bdde03b1f78ba14ef403d5f90ce2a4aafd642366c3ceed834a1b5e7

SHA512
b631c1f8f61c55a2889701a2a33e72c6ffc07b415be2b9a3a8d520dad8f1691bf9ebfebc2a0f582c52859853e6fb853c5e11bde7dfdea03eb9843682fbbd78e3

Download Submit
memory/4136-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4136-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4556-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4556-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4556-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads