7d7b2c20d2a26c3153c06eae1c3df0fd57a40fc97d83abbdb3577782dd17ae12

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0eb92b06ead13d85e3b0e6abf410b789.exe
Size

208KB
MD5

0eb92b06ead13d85e3b0e6abf410b789
SHA1

50e11bd2146fc108cc6b92b8faa2a3e4e11bc339
SHA256

7d7b2c20d2a26c3153c06eae1c3df0fd57a40fc97d83abbdb3577782dd17ae12
SHA512

b02bc285a0ce355160ddfc5badcdfeb74f237e0ba1ed18480b8fd71407c92aaab5a6702fc0abd825532f84d59d4f8382a8e3e57a92777361f1853a4349939fea
SSDEEP

6144:6lNgwvqdw4HEErnK1wuOQ0i58lTKsCNUcB:ChvJ2zCn0iNUi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2404	u.dll
4184	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2740	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 1880	2308	0eb92b06ead13d85e3b0e6abf410b789.exe	91
PID 2308 wrote to memory of 1880	2308	0eb92b06ead13d85e3b0e6abf410b789.exe	91
PID 2308 wrote to memory of 1880	2308	0eb92b06ead13d85e3b0e6abf410b789.exe	91
PID 1880 wrote to memory of 2404	1880	cmd.exe	92
PID 1880 wrote to memory of 2404	1880	cmd.exe	92
PID 1880 wrote to memory of 2404	1880	cmd.exe	92
PID 2404 wrote to memory of 4184	2404	u.dll	94
PID 2404 wrote to memory of 4184	2404	u.dll	94
PID 2404 wrote to memory of 4184	2404	u.dll	94
PID 1880 wrote to memory of 2076	1880	cmd.exe	95
PID 1880 wrote to memory of 2076	1880	cmd.exe	95
PID 1880 wrote to memory of 2076	1880	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\0eb92b06ead13d85e3b0e6abf410b789.exe
"C:\Users\Admin\AppData\Local\Temp\0eb92b06ead13d85e3b0e6abf410b789.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\50CF.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 0eb92b06ead13d85e3b0e6abf410b789.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\51AA.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\51AA.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe51AB.tmp"
      4⤵
      Executes dropped EXE
      PID:4184
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\50CF.tmp\vir.bat

Filesize
1KB

MD5
cbe215b341e4dcc31ead73f6e9ce4b36

SHA1
a39f6cba997efb4e569dee9a744c1e6a476077bc

SHA256
051caeeae371539532402f900f6fec6b155a221d042f1d56976223815ed146fa

SHA512
b9ebe300d7592d85b3113e2e5d871168c79ec7a2a8e761f08679c66b3d10886e7636a30e64172ba9d56e423f170d2cf424c6a5389cf11ef97f39356728bd8d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\51AA.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe51AB.tmp

Filesize
24KB

MD5
1c591a621b30fb31de8b83694bffdb57

SHA1
94b0acf10c424c4990f88d8d63ba0ef31231fde8

SHA256
71a4439b7c9ba5b21532c4e3c05f39fd19f2ad9e8f1e7da85244339f7fac0e3d

SHA512
4921aee10a3d419ebbfad7f9f877177fce6aad5a1084099046f97ee63d577d9f54d42b6de5ca256f5250264f929988fbd8e4e050996673c99d95dae8833abe2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0ba8f8311fc3afbb7e32d98236f2efa6

SHA1
956dd3548df11f2c6c36366d74109ddddc33fc33

SHA256
5b6da37dd4f1fa6402e7ee652ef048f7bd7b396f7a3b3f61c56865d5cd3f6e62

SHA512
706f455d004af6d1442402c1a750a37da14da0351c51d0b0b578349355956986941c4a302956590be7c2b00caa6838e3b265dab8766e8636e0c6c4527b82c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
193KB

MD5
3e25f8239bc0abc8a386b91d2156f772

SHA1
20b581c275fef4b45f7fcd9b751bd06cffbb3fae

SHA256
562551672b96ab79f19056a18d6408fd18c8c0586c5f39528b1b98c9420384c9

SHA512
9f3f2f61ec3dbb6520aeaef42f4810f61d92bcc6dc743f9abf03b42b8a43b4c2998e4a06cbb28c11367e4adf23b6a69aef2207e96ed2eec8c5e354ea98e2a780

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
638KB

MD5
45a6cc66633d0ef3ae582c9fde161776

SHA1
c7c81e75f356b2e1899a2700b7152d24e7455065

SHA256
ffce608f224673d7ef4ccefd47f2bb8d85c3aea9d4b55a6d93f4f36862e15ff7

SHA512
9981b7e613d0f90767da226447e887cb0ef7313022de64dbfbb4525ca2fd8a5c29f72da1b9c9f6ff18fe79b3d6c56465ca46ef27969533f98cc4573940f12c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7277fe45851b345276c047e038c82d8a

SHA1
4d09ba119f07c511651b007e990e7130ce09e23c

SHA256
f5c71fbfaeacd77aedcdfd7474929fac8d9948fe271c5fa90a915d4a37fddf8b

SHA512
a8ce27bad8c58bce5b387640bfec6e8a985855659d7f46fbf7b774c019cec71f22d206cbef2a0c48ebc7a07c6c46286f9ab4c901dc665eb2651d9601fa654e63

Download Submit
memory/2308-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2308-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2308-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4184-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4184-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads