20811580ac290c229f7c3191eaa2e4be55876ee04ba809a9d0541d9f14ee7647

Analysis

max time kernel
217s
max time network
238s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07afb01541a8a0ae289de89ef48375fe.exe
Size

208KB
MD5

07afb01541a8a0ae289de89ef48375fe
SHA1

f7ca79fe0f93e249f68e794c3fe6880bf87c2ead
SHA256

20811580ac290c229f7c3191eaa2e4be55876ee04ba809a9d0541d9f14ee7647
SHA512

13b30ec32afd4ca6582ad017258b7ab47dd43d70c8f64c6c3bc0c3fdf96e143d613fe6c61cbb12cb0135d39f4caf51cd9cea84445eb56477c7522381d8cc4fd9
SSDEEP

3072:Clhg7vQskv8C0v0qHXJUat+JnYo7yPwviutGNCz9COm4Hn870X/i9JpVjmbJZLUn:Cl2kkCHDanhXWCOdH+0PUpVjmdZg9u0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1696	u.dll
4696	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 4760	2336	07afb01541a8a0ae289de89ef48375fe.exe	93
PID 2336 wrote to memory of 4760	2336	07afb01541a8a0ae289de89ef48375fe.exe	93
PID 2336 wrote to memory of 4760	2336	07afb01541a8a0ae289de89ef48375fe.exe	93
PID 4760 wrote to memory of 1696	4760	cmd.exe	94
PID 4760 wrote to memory of 1696	4760	cmd.exe	94
PID 4760 wrote to memory of 1696	4760	cmd.exe	94
PID 1696 wrote to memory of 4696	1696	u.dll	95
PID 1696 wrote to memory of 4696	1696	u.dll	95
PID 1696 wrote to memory of 4696	1696	u.dll	95
PID 4760 wrote to memory of 3672	4760	cmd.exe	96
PID 4760 wrote to memory of 3672	4760	cmd.exe	96
PID 4760 wrote to memory of 3672	4760	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\07afb01541a8a0ae289de89ef48375fe.exe
"C:\Users\Admin\AppData\Local\Temp\07afb01541a8a0ae289de89ef48375fe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\11F.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4760
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 07afb01541a8a0ae289de89ef48375fe.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\30BB.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\30BB.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe30BC.tmp"
      4⤵
      Executes dropped EXE
      PID:4696
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\11F.tmp\vir.bat

Filesize
2KB

MD5
a53df60223bbf093ad1011df3cd1e33f

SHA1
c63e6fe7d0cd735a3a95110766e669e93e51bd97

SHA256
675a21348e8e835d0c35c4ba8a27ec6d03f43982171ee2e574adaaadd6653c52

SHA512
c5bca9d42d1a099841818a748167b35ed2e9773a14edaae7976ace4328452c7036ef7b2c1ceeec07949b5a047e1a8b2afc0878bb86d5fab673e04e91d6daf099

Download Submit
C:\Users\Admin\AppData\Local\Temp\30BB.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe30BC.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe30BC.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
482KB

MD5
053fd39bbe004419b3d126195b2d06d9

SHA1
9bdc202d594d2f520d52af3282cd33ad0b66badc

SHA256
0a5105534b88481977c09f0735eb40cc5edfedd70cc55fcbd84e9e71d4ce9ead

SHA512
a63e76c4f5385b99b00039d3296e8e30c561a92aaa34c5e68a10b7aa3707e17e63bca2235bac2cedd546b634817b5d6eb0f89e740b5c7a44ce0fcbda59ff768e

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
289KB

MD5
c4b19f2cfdd63578f91a58926dd2c87b

SHA1
3a82efc66bfab2a54b8340a21e379a0a71bedae6

SHA256
0eccf2626d0bb002d7b6d2ada45a0f191c784574934d4e9d11b7cbd5aae494cf

SHA512
cd160f365170b958522c8dad11cec725e8da59eb6d87e6158b0d68dbb6150a57186430acea3b8ef69a197791119333b67cc3ef083183afa3ce3f3e54517a78ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
208KB

MD5
4f6a76e7dd65a175bbfebbe787e91dce

SHA1
33676e34d7332b0bf7f6a3b587d1431e4c3ff709

SHA256
a2a2a706a5e8262bb4a1f433d957a0bfeb865be1797e43b148b0c0578d6dbdf6

SHA512
3770786c6a3f364e9c242f4b59b30e9c1fda81273a5a186e4eba923b36396a481c06f1e27f376487cc20f0d72b2a73154cfde04c7a0c997378f1e553a7da52a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
7966250de58bdb0e372555d77b777728

SHA1
b90e8e355faa25607a119b218abc3ff0673bbb93

SHA256
89bdae6ba50c2602ee8dae726e318cf19ff3881f1d5e01ac2b5cbbffb9befd4f

SHA512
421657563389d57f933ee7ee3bfde669624fe524376e6dbfcdd96e5461ef47013c873175953222b7342740d69a1c93458fc82190e8cf698576f85483ddba1032

Download Submit
memory/2336-15-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2336-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2336-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4696-58-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4696-65-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads