4969bebc3f9ec115187c5d310831c48f89aad355622d3417137cdf39bb26ef25

Analysis

max time kernel
1s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

604ac5fdfe5562387e2497f34a543df5.exe
Size

208KB
MD5

604ac5fdfe5562387e2497f34a543df5
SHA1

7f853524c8fb634d7defbdfccfe7cf2637d9b4f2
SHA256

4969bebc3f9ec115187c5d310831c48f89aad355622d3417137cdf39bb26ef25
SHA512

8110bcc0271830555ec12da772e902dc759f447b0f3d5c463b60bf3caf3ea98a0baaab2b51791ebb7e36f9aecce1de9cbb09fce7f63e69ef2b3c1c9895e112b3
SSDEEP

6144:FlsSFhznFu8WD6RrZOAR7y5JMcrUGqRQQ:8Uh7Q8MQZOARO5ucrUpR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2232	u.dll
2456	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 4120	2072	604ac5fdfe5562387e2497f34a543df5.exe	16
PID 2072 wrote to memory of 4120	2072	604ac5fdfe5562387e2497f34a543df5.exe	16
PID 2072 wrote to memory of 4120	2072	604ac5fdfe5562387e2497f34a543df5.exe	16
PID 4120 wrote to memory of 2232	4120	cmd.exe	18
PID 4120 wrote to memory of 2232	4120	cmd.exe	18
PID 4120 wrote to memory of 2232	4120	cmd.exe	18
PID 2232 wrote to memory of 2456	2232	u.dll	20
PID 2232 wrote to memory of 2456	2232	u.dll	20
PID 2232 wrote to memory of 2456	2232	u.dll	20
PID 4120 wrote to memory of 4948	4120	cmd.exe	21
PID 4120 wrote to memory of 4948	4120	cmd.exe	21
PID 4120 wrote to memory of 4948	4120	cmd.exe	21

C:\Users\Admin\AppData\Local\Temp\604ac5fdfe5562387e2497f34a543df5.exe
"C:\Users\Admin\AppData\Local\Temp\604ac5fdfe5562387e2497f34a543df5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4C8A.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 604ac5fdfe5562387e2497f34a543df5.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\4CF7.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4CF7.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4CF8.tmp"
      4⤵
      Executes dropped EXE
      PID:2456
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:4948
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:4508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4C8A.tmp\vir.bat

Filesize
1KB

MD5
771d25d832d995785d1640bb90de0539

SHA1
f3a2b3798bec5ec83ec081f98684d8eb97d0c27a

SHA256
c1e2408c5e645862a48b35780fbe12365131c45f1371412a8f6e0f334d7753a3

SHA512
5968b217f4c2b35dcc40c9a271dcc09c8525313e857083f7c29ec6cf9e6b42a89db3b7c2174624e5edb6edec5ce186729738f7d8d03c4b53209f8d52cd68a359

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
381KB

MD5
6a44fb5c0f9ddb755e483f86e5a717d0

SHA1
2d12472cba6bb76c016d98e1015e36e317e3a730

SHA256
878d149eb8d275219a0e45096b664460e74bbde6deaae65d3e8d917cbdb6f790

SHA512
3787b404ddd92cbc1ddbf07431d443809df3ec3a32803fd3c30aa62890611b3a5ed8df4803cb175dd2acb30ecdea6dc3149ee7cd2c0ae70400ca8730fd4f1787

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
memory/2072-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2072-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2072-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2456-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2456-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads