01d750d287041305fdcb46a8bbdb4eccdc417db480e9bbc2ddcb8c638557c2aa

Analysis

max time kernel
1s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d927291104e15875557b22e48923be5.exe
Size

209KB
MD5

1d927291104e15875557b22e48923be5
SHA1

dfa0ede8f9f45c7d552779b24c548409c2b81980
SHA256

01d750d287041305fdcb46a8bbdb4eccdc417db480e9bbc2ddcb8c638557c2aa
SHA512

a2af564f36fc4635fc928bf03de446bb38e1e954a40f7999d25cb843db708df6afe343e173d766919983a765c936f187e0d5c4be309546b3daadb1a45f3f550b
SSDEEP

6144:Ol9cqNzKdJHmf7J3t4rYIwQemqIXtf8WOpIsYm+4Wu:kcqBKdJe7D4rpwQNqI9fNOAIW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4416	u.dll
4300	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 792	228	1d927291104e15875557b22e48923be5.exe	20
PID 228 wrote to memory of 792	228	1d927291104e15875557b22e48923be5.exe	20
PID 228 wrote to memory of 792	228	1d927291104e15875557b22e48923be5.exe	20
PID 792 wrote to memory of 4416	792	cmd.exe	21
PID 792 wrote to memory of 4416	792	cmd.exe	21
PID 792 wrote to memory of 4416	792	cmd.exe	21
PID 4416 wrote to memory of 4300	4416	u.dll	26
PID 4416 wrote to memory of 4300	4416	u.dll	26
PID 4416 wrote to memory of 4300	4416	u.dll	26
PID 792 wrote to memory of 3156	792	cmd.exe	25
PID 792 wrote to memory of 3156	792	cmd.exe	25
PID 792 wrote to memory of 3156	792	cmd.exe	25

C:\Users\Admin\AppData\Local\Temp\1d927291104e15875557b22e48923be5.exe
"C:\Users\Admin\AppData\Local\Temp\1d927291104e15875557b22e48923be5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4268.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 1d927291104e15875557b22e48923be5.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\4314.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4314.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4315.tmp"
      4⤵
      Executes dropped EXE
      PID:4300
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3156
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4268.tmp\vir.bat

Filesize
1KB

MD5
b870863a9ddfdff59cfec852d41825e3

SHA1
e2ce4b9acb46ba986e6bea720452e8670455503c

SHA256
e7aaf4d06ddcddc8770aa0e8f1d4291a1415b2f6a82dd596e859bc34bf90d666

SHA512
2369afba691021a5e9e1fe7b05cd1c07aad319aabcfeb3a615dd2e7c7d02a718e8b3b60a7ee890bb1297ba44fbe6665a2709597b2a57ff0e1e0b637fbbd38fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4314.tmp\mpress.exe

Filesize
66KB

MD5
eb8fca141ed5d3df1f60e318556eee60

SHA1
78f1911985c407cbc82a4ee90f1cec087df9d135

SHA256
604fb970ecf3d64aaf48bc0c16c3635e3d6a31467e603118ce07b5aa445d2bab

SHA512
c1868acb5825c59fd6019c669d9ffecfce5e68022c4b125ab9d748d80cae901d629988425fb261c07bfcee96d8fd906fb3f3060318af3c1cfc4c0e1d519436a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4314.tmp\mpress.exe

Filesize
57KB

MD5
ad855c26ea2f3706ce13cc626fc3b9da

SHA1
303bc5bc3db11a629f6cccfc5b5108ae5bdc9543

SHA256
3a410b6a06a351a40e66c1f5509f4c7cf788d07a9cb37d36a2b98bd60c5619ff

SHA512
6f2b1f11218be19a9f834969f0ebb8727675f9e0fce428d63ec7cd88d90f357c8a42080c20685104fb8116ed26cab8b39f1eb977d60fd7c4434c72295bedc2d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4315.tmp

Filesize
30KB

MD5
73edebe09f1ebfe2c4bff99d9d16edd9

SHA1
36ec241ac29f3c31363704884f223eb09f1e2d6d

SHA256
2c0cd2e42f2de12dbd976df54882f4c03f57fb268a6386f8a8b3673a116a61ad

SHA512
7956f1d0108a995d34790c121a32d1e6dce1bdf777b8fa5895fc3eb8e052172818e386bfc022c9ba95e39abf0ccf19366fbc5319fa93cbe15618a3fd11693a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4315.tmp

Filesize
7KB

MD5
b283718990a2e4db6cee79be967d4114

SHA1
aa61cec648ba625a27b0d77bbc3e20db3c9a63b1

SHA256
cca7a944a36f4facb4dd8589ff71cdfd5023ef82771b525a50c4dcf09cdfb7f1

SHA512
bec312e28c2769c0ba57b42840421ea3468c00154ea0aecd6ec3b0a46481a727292a39c020c8023ecbdf658052f1fad27561a71e809c15fbe10a02f7fe6f299a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4315.tmp

Filesize
24KB

MD5
ff875d59adbd73ee874b08295fe3a154

SHA1
0d3cca10c250c5b9b0c04981f2068b6ab16165f3

SHA256
3b2c762e0854eec4a1bfa87e688ea1c95e3e5fbaf24968815ff4e0a518f8a822

SHA512
2b058d8b02cf68ce4d3e6029cfcfe68cad618c3f0761973de47b669f3fd9140177b89740bfb37cf55fcbf2d416faf530e7ea34fd446c0e3202b508eac104be68

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
102KB

MD5
2dee2eb5d304f11b36342b20e823718f

SHA1
6ec6c2829e5dc87260a3251dee0a41d90a23cdf5

SHA256
ace353025236c00c81d8bd60fa097d9b71b1d9435c3675ad5327f9d32af23fef

SHA512
7db12654a389ee58d92a44de4d5d9de39fbb18dbe0f8c4770754054dc35341043e49a63edb3a4024a8901f3cf5c66c27d3c9b2f9b0fcb9dc2f5058ade2599dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
36KB

MD5
82af8a5f634b7cc98c3e19b74c037ab4

SHA1
013b5f59b1a06b633bf769c2ccfbcdde581bd065

SHA256
ac213874d47f696103c56261ba20800e04c099d225b69cd6109d1061397f4090

SHA512
0e4e15cdd5242d3759747706bb9bf84ccf4717a7aa62a1f601adf806dafbe0da907a2f600a474ccf24ec54660073a5a2c920b7625c645b2c57b85c22bd08de4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
46KB

MD5
d3ed0be856bbabdb6a288d71782a67ac

SHA1
9fedd19ebf144b45c18126d75a8596b63aca1d68

SHA256
9d5e619ffa0e43cfe9b93d02b785d4ad234cd3aa655b701ad8b0db08c62980bf

SHA512
5eebe2dd06937b59ccabf5d9a501339c5e016bbf32d69549b6507c0db5556151939b149108b41acd8d5111216f3a3b7d2f426ec08109887339efad2d402b77f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
56KB

MD5
7c03a31fb08e9afdd24c9ac11c0c6d44

SHA1
0563f6eb71e962ce2a0bd7956970fb6a45501be3

SHA256
02f027616abc6165a6dc76a1188a675844479e7ddca670cc260e10e77ada7b47

SHA512
7137c6cfc8a0e6b328ddd4e032f0207371ab8707d5befd783d8aa8710c1d8ce78c46b745ec5221589f1c05b7e92587b6dd71a57d0081e3d00797ff8d66aae951

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
3e7f319575b3d188e997d6bb3011f503

SHA1
f7891dc1f95d63a1e5e206a036b9bfc09b50bfdc

SHA256
ce111922775e690eb5978657a7d7763a3b6f21d0d73c978c632b8fee5acc5c07

SHA512
626f93c3119e6d3824b74da41563f8bc517140d08ca8626b9b0f8fd0f8d4fbc1baea25aa3c0513b647f7d922e0cddebdd158afc94c4e33a612a060445cd017bc

Download Submit
memory/228-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/228-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/228-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4300-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4300-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads