f5bf3cea94001ed764513c5b3ba9232e7dd877eb3e4216a6aecd0ab3350cb7a8

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022d1f96830b0c83dd6e673d53292077.exe
Size

209KB
MD5

022d1f96830b0c83dd6e673d53292077
SHA1

3987ca77830c77d3dcc08620a596f6f7d6373739
SHA256

f5bf3cea94001ed764513c5b3ba9232e7dd877eb3e4216a6aecd0ab3350cb7a8
SHA512

c6d6e9bf8dc7e17ee1a3365e748695e9357bc9a1aac6d469a664c7cc799bea52bd7d7a8e1d94f058701ae8f7205f77c8c4b08fce0100711d1c20399410aeabef
SSDEEP

6144:Wl7uBTzNsMDKg6TOKmtDYq6j/iSjcwRgy62:RTz+MV+mt0nJJf7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
864	u.dll
3392	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3724	4956	022d1f96830b0c83dd6e673d53292077.exe	90
PID 4956 wrote to memory of 3724	4956	022d1f96830b0c83dd6e673d53292077.exe	90
PID 4956 wrote to memory of 3724	4956	022d1f96830b0c83dd6e673d53292077.exe	90
PID 3724 wrote to memory of 864	3724	cmd.exe	92
PID 3724 wrote to memory of 864	3724	cmd.exe	92
PID 3724 wrote to memory of 864	3724	cmd.exe	92
PID 864 wrote to memory of 3392	864	u.dll	95
PID 864 wrote to memory of 3392	864	u.dll	95
PID 864 wrote to memory of 3392	864	u.dll	95

C:\Users\Admin\AppData\Local\Temp\022d1f96830b0c83dd6e673d53292077.exe
"C:\Users\Admin\AppData\Local\Temp\022d1f96830b0c83dd6e673d53292077.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4381.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3724
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 022d1f96830b0c83dd6e673d53292077.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\43FE.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\43FE.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe43FF.tmp"
      4⤵
      Executes dropped EXE
      PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4381.tmp\vir.bat

Filesize
1KB

MD5
51ffd0d35275f67b7a006c10af26d9cb

SHA1
68e4ad8ce7dd25187419b0b76411eb09dae94903

SHA256
fa5429c9849716986b8da712516c1fbaed0a37ae2304f8d1fc290cb61fb63748

SHA512
ee1dd42515f4a9e3e811ca0f5848d68f30aa7fe9e2dab5b4b36161af0beda06a52e2e8d401005fce9a95a3f60f940e4144b2874484d0076c77674ce3059ca6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\43FE.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\43FE.tmp\mpress.exe

Filesize
92KB

MD5
c880f937f3dee3a3fa35d7d3640b54ac

SHA1
3345ed7e212eafee3c48d94b4ed5bd78c62de919

SHA256
3bec6888eb372e15c606fa1d3382d6f8c468d7237175a7f7bb667f9693bb9747

SHA512
8973de6a675e3768d20e8a95f9035ab448b2acd7823c14e2028afb570026859fcd14be4e39c377fb6048943db6545ef56e947d9f4956034fc85a29198a45a28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe43FF.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr4508.tmp

Filesize
24KB

MD5
75c613a066f65857be61e90d4ea44435

SHA1
825db98cf1f56a88a3d2407f6b20ff8521a142a6

SHA256
2928b10cb3bd918ff461785fb55a8ae8b6fd3f281e03986b3a2d77ad798ebb4d

SHA512
292fd978eb0e6d1e809879396299401a8f41cc2f2a3ed2004c66c573e4b280baf333be8e5510dd46a8f7c837c641d9fbae108b7c1b2c4758ba16bd7b7e8671cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
439KB

MD5
2694cb8fca2afbd9a5f2e4cd88d935ff

SHA1
361f26ed03cdc04a57e6fe1778e9a265791277b0

SHA256
7e3fbbfef78eaa4c8ca2599d46b8dc7e2d32ff1be7873571522e1c7f4e1737d4

SHA512
0e80e36dc42246a8fd6fdf85840e2f0ae18bd10693510451dc6acfbae32c84c00db94b23152ebcf0f797a1296de40dbd79c227c73d4b6a59358dc7f15fa3bd0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
313KB

MD5
84005c992c200bb17987460f31ce4cd5

SHA1
e709341468ad761b3d74205e9b06446f284b252e

SHA256
494d911025b5bf8df1305f92b888766680d9831c45eb50b78c225faaa12d1d2d

SHA512
a9c0ef3b3ef7354e2c4c7a46ab91263c2d28ac4b9f4a49a3185698681da1809d0b843aa89d6233dfc27f71453a4adfdf81acddb6663c584fbcb77615edaa3c06

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
187KB

MD5
41ece14c42ced2aa1d15461254f27b1c

SHA1
db55f8c58e837c64efa9ef5be825c98fe37dbffc

SHA256
aeb5deb75c4ec7b63f1ac2b48c37526540dd67324dab87d7778d7cfe2dfeb158

SHA512
70b34c4f6b567235a0613fdaafaf2310dcf3a75354a4c8a1da4570370e5d5090cebf71dab98663d666a5c95311a3c530e030dc9dd266fe671b082e4a5c577397

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
138KB

MD5
4b0ab8b2b0a837ee124b0f25626000c9

SHA1
c3b4a65f45f6b9393e16843c38715701153f8eae

SHA256
78aa36cbd77d528d0f24e27e4d9bdc02ec8838e62b5e41418f6f08b4d9bd1271

SHA512
744db6370c0bab11d99d77db677786e65cd36547647bd8b79d208ab5ee606fd6b2da97c67b25bfec7345f46a124a9d24243bee6eec16891d7d83c12ffcf71ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
8425858b1ba52e48501467d3140e8262

SHA1
0f91f8caffea1465709e76320786268cbe540b1a

SHA256
6372d5fe89facb1eaabdb464b239302fe542eb16a5c46aaa75fbcfd22d822794

SHA512
6bbd0757f7da25ddff92b9d277c1ecbf2facbefa545b5b47dcf5cdbfbc9dd9739f9672731abc8dd4122a4d339d3b9c2d15829823a2287e6b7440af0aaad12c04

Download Submit
memory/3392-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3392-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4956-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4956-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4956-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads