b412b756e40e8aebded676e396019fb94dca6195bc96a59b13fcbc3b8761e1d0

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 17:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f470dac2d55f34fef3637cd6dd0c655.exe
Size

208KB
MD5

7f470dac2d55f34fef3637cd6dd0c655
SHA1

119431dc1d0d41879d66a37415ec4758f49d23c0
SHA256

b412b756e40e8aebded676e396019fb94dca6195bc96a59b13fcbc3b8761e1d0
SHA512

a8b1d26a5a6773dec2bd98b12b5a3ca9e9c402e884870908a3243017056d9dbe390a2cab07849cb31ad94286f475e15183dd7f8f2b4881230558044aa00ee44f
SSDEEP

6144:8l0n6auj4orfDsgLJksaQc2/1mA6zKLo04arFvT37lvu6:3n6auEoPsglksk2/0A6zKL1zrlG6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3284	u.dll
3560	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
400	OpenWith.exe
536	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4140	4992	7f470dac2d55f34fef3637cd6dd0c655.exe	89
PID 4992 wrote to memory of 4140	4992	7f470dac2d55f34fef3637cd6dd0c655.exe	89
PID 4992 wrote to memory of 4140	4992	7f470dac2d55f34fef3637cd6dd0c655.exe	89
PID 4140 wrote to memory of 3284	4140	cmd.exe	91
PID 4140 wrote to memory of 3284	4140	cmd.exe	91
PID 4140 wrote to memory of 3284	4140	cmd.exe	91
PID 3284 wrote to memory of 3560	3284	u.dll	93
PID 3284 wrote to memory of 3560	3284	u.dll	93
PID 3284 wrote to memory of 3560	3284	u.dll	93
PID 4140 wrote to memory of 4824	4140	cmd.exe	95
PID 4140 wrote to memory of 4824	4140	cmd.exe	95
PID 4140 wrote to memory of 4824	4140	cmd.exe	95
PID 4140 wrote to memory of 2640	4140	cmd.exe	97
PID 4140 wrote to memory of 2640	4140	cmd.exe	97
PID 4140 wrote to memory of 2640	4140	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\7f470dac2d55f34fef3637cd6dd0c655.exe
"C:\Users\Admin\AppData\Local\Temp\7f470dac2d55f34fef3637cd6dd0c655.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\48B1.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4140
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 7f470dac2d55f34fef3637cd6dd0c655.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\492E.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\492E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe492F.tmp"
      4⤵
      Executes dropped EXE
      PID:3560
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4824
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\48B1.tmp\vir.bat

Filesize
1KB

MD5
8ed2dd06570b9ba57abaa25caaf04f65

SHA1
f2024d7524b27595f5e7b4012c4caf13ae16be2d

SHA256
086e14fa4c0e1d6ab05f9de26821166aef43ce9aec125d8942d18277caee056e

SHA512
8f4b8791ebadb104ff1dedd7fad8dbadf77825ec9e0c455097681f5379c51d127a65f32a84f976df6bbcbc86cb6d23691e7091acb555878474305ea2c242c155

Download Submit
C:\Users\Admin\AppData\Local\Temp\492E.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe492F.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe492F.tmp

Filesize
24KB

MD5
7cda353434725a4a3712954fd3ded290

SHA1
d8348e79d6bcee527743b126026367d700ddb436

SHA256
7e781837fa89a8ead0a14c14a7f2125a89bb7b33d2ccc358f6b8ad22924b5e86

SHA512
4ac257fe8e0772adc8aa1a2626153c473554c341c025959dd994100c43e2cec274e8a532e0c1b5c0ecdf463733d25a63767b995b731ce272b1c7a3ad0820b95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
305KB

MD5
af0d7a072de8595b1e96873a99429e01

SHA1
5fed791280b8449691c2fd6f5a8577e1ac00339b

SHA256
4940728500cc1edb544194652a5ec081d0ae39eb4af935d15b8292d9b647a20c

SHA512
c223a6e46dd95a31570c3a07a8d17678609fb04cdc196e09ce634491f1bc39dfdb7417f86ce37c452a03d1bacef651f59c6b955f43cb987f7695d941fdcb9303

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
222KB

MD5
8860c57d06d4bfbfd29d112199d8c9bb

SHA1
9ff06c879d0b094c05f17ec9f23413916918b581

SHA256
de8bbcea1d4a5fca7603bca44c957e30974e05bdd5e6bd82010a46c5baa8455b

SHA512
f55da4ec5914070e20a6d4eebf07c1b53cc50687179ab2b15cc880bdda82170d4558d722c7f9e850803ba5720bd57f510854041eeb0875d58c4cae9ffce338f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
327KB

MD5
c899e74b89fa0150f9505dc69a6cdd19

SHA1
3aa6046fb8f8a7b96ebe96f8460e9203a63b995e

SHA256
ba9a0d968f15a451068e6a9d483953f35510dc8af012801d7b1daae885931223

SHA512
2d34070e40f670a816d0e99f91f5cfe0e32c6af61262c096303489f2e786bb1e27366edff0a99628b60f3767f28fb0b8c5fae2613f5615c9858b0678aee653d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
367KB

MD5
48e567a6438fb9373ae669ad1d7544b5

SHA1
c099a11af9957256bd022516bfab794656589b4f

SHA256
447715ae0ad88a3ad2521c8285d1d7753a7812eca0a15512307c8eb7049bb850

SHA512
6ec64efda53ca63932cbc1a50cc58b3eb1b921d77ccd92a4287735abf3031fbef3841c3e8532c00d1856c0a83648e9e2fb0659c098dcfa64421e3bc68eaf5ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
0f02800f6413fe43dc461e466aa90852

SHA1
0277c539432520454b0f61fea2dedb316b8b4225

SHA256
20a4a6b5366b67069420070e3f17619f8d9d04a519801f9cc2763828e86bf308

SHA512
17bf0c8cdacb1514530fd15b0f54d278c787d26d83a89e2bf883aaa1d29b2fcfbc8d20c56b29e6b595c7e396843a5a370722b1ac5fcec4e77ccbf2e4bc42b4f5

Download Submit
memory/3560-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3560-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4992-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4992-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4992-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads