f7783d87cefd8d14041a35a16d78668a42d5adf858ee9618afb31085a29f856e

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 06:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

590241c6d4a3e110ed2d184d68e7ef58.exe
Size

209KB
MD5

590241c6d4a3e110ed2d184d68e7ef58
SHA1

0ad84abbc23adb15f337997f003c79e49a0e0d93
SHA256

f7783d87cefd8d14041a35a16d78668a42d5adf858ee9618afb31085a29f856e
SHA512

e75f65fc874afa4ab674824a7cfe894b7dc9e444167b4f31571210b779f4d91a876295c9765bf48efc00a2ead51f12ff89edcb95c7d21dc12837a886f5e39994
SSDEEP

3072:iligYAVTbeEBdYpGCzVrmYnsOebV5zQI3/3jGPZyOt6mE/uryEhslO8:ili5y3PElz2jQI3/36PAOtFryplO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4168	u.dll
3256	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4448	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 224	2900	590241c6d4a3e110ed2d184d68e7ef58.exe	24
PID 2900 wrote to memory of 224	2900	590241c6d4a3e110ed2d184d68e7ef58.exe	24
PID 2900 wrote to memory of 224	2900	590241c6d4a3e110ed2d184d68e7ef58.exe	24
PID 224 wrote to memory of 4168	224	cmd.exe	23
PID 224 wrote to memory of 4168	224	cmd.exe	23
PID 224 wrote to memory of 4168	224	cmd.exe	23
PID 4168 wrote to memory of 3256	4168	u.dll	21
PID 4168 wrote to memory of 3256	4168	u.dll	21
PID 4168 wrote to memory of 3256	4168	u.dll	21
PID 224 wrote to memory of 1376	224	cmd.exe	20
PID 224 wrote to memory of 1376	224	cmd.exe	20
PID 224 wrote to memory of 1376	224	cmd.exe	20

C:\Users\Admin\AppData\Local\Temp\590241c6d4a3e110ed2d184d68e7ef58.exe
"C:\Users\Admin\AppData\Local\Temp\590241c6d4a3e110ed2d184d68e7ef58.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\48E0.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:224

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
- Modifies registry class
PID:1376

C:\Users\Admin\AppData\Local\Temp\493E.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\493E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe493F.tmp"
1⤵
- Executes dropped EXE
PID:3256

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 590241c6d4a3e110ed2d184d68e7ef58.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\48E0.tmp\vir.bat

Filesize
2KB

MD5
2a0355a4a9c739db1c655532ec9e98c4

SHA1
3be0ed8982032aa41b9aa4b35ab2a718b6d2adfb

SHA256
c0a2509e99a5371da7016884fcef030a11ccbe2af787eab471089d8c24c016d5

SHA512
2677d2bb80e411b5cacb132caa4cfdf2d3d4dc20e65c38bcec8c7fde176b076de6e59eda4cb7ee8e247a4748230db88b4ffa2dbf95d841aee6ecc8d17ec65022

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
98KB

MD5
6cd881f8c696f06395aec653cc24f173

SHA1
beebc92fd637bb0de4946c95e7b28a9388861733

SHA256
2b15800ceba8014fbc026a838c416a4c37f4054def87f520f2512f7a65dcb96b

SHA512
c65edf74b892a819b360d93904b2d5a3bf29b6b07f0699ccd3617e25aa40c1105cff4fbbca115a5a6b435ddb4911e1a5f4cc20faaaae44677ffa1003651569b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
381KB

MD5
6a44fb5c0f9ddb755e483f86e5a717d0

SHA1
2d12472cba6bb76c016d98e1015e36e317e3a730

SHA256
878d149eb8d275219a0e45096b664460e74bbde6deaae65d3e8d917cbdb6f790

SHA512
3787b404ddd92cbc1ddbf07431d443809df3ec3a32803fd3c30aa62890611b3a5ed8df4803cb175dd2acb30ecdea6dc3149ee7cd2c0ae70400ca8730fd4f1787

Download Submit
memory/2900-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2900-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2900-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3256-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3256-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads