409cd2f19cd974a7f21d41ea4f1889fe8e322775c7f8865a1fbe2d3939b0d271

Analysis

max time kernel
146s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

144f94374778bd0c5c7d94ec152dbd0a.exe
Size

209KB
MD5

144f94374778bd0c5c7d94ec152dbd0a
SHA1

6615023641d2d60d47b2743937b83d03763b8e89
SHA256

409cd2f19cd974a7f21d41ea4f1889fe8e322775c7f8865a1fbe2d3939b0d271
SHA512

84c4405633ca027eb68b6e39a9909826db3f7d6d8002e853ca3664b4b28ced200d48588c55484046fed6d1491a1bfe79b77304f6c6127e7919d9e723944ba18c
SSDEEP

6144:Kli51WYlEEIzjvsJc1sJ/Yj5Qcytts9mFER8:fKVxg/0xyttVFES

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3776	u.dll
2340	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3656	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 4556	4260	144f94374778bd0c5c7d94ec152dbd0a.exe	92
PID 4260 wrote to memory of 4556	4260	144f94374778bd0c5c7d94ec152dbd0a.exe	92
PID 4260 wrote to memory of 4556	4260	144f94374778bd0c5c7d94ec152dbd0a.exe	92
PID 4556 wrote to memory of 3776	4556	cmd.exe	93
PID 4556 wrote to memory of 3776	4556	cmd.exe	93
PID 4556 wrote to memory of 3776	4556	cmd.exe	93
PID 3776 wrote to memory of 2340	3776	u.dll	96
PID 3776 wrote to memory of 2340	3776	u.dll	96
PID 3776 wrote to memory of 2340	3776	u.dll	96
PID 4556 wrote to memory of 2876	4556	cmd.exe	99
PID 4556 wrote to memory of 2876	4556	cmd.exe	99
PID 4556 wrote to memory of 2876	4556	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\144f94374778bd0c5c7d94ec152dbd0a.exe
"C:\Users\Admin\AppData\Local\Temp\144f94374778bd0c5c7d94ec152dbd0a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\27B7.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4556
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 144f94374778bd0c5c7d94ec152dbd0a.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\338E.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\338E.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe338F.tmp"
      4⤵
      Executes dropped EXE
      PID:2340
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\27B7.tmp\vir.bat

Filesize
2KB

MD5
dc0539cd690be79366ea78c520d7e56d

SHA1
dfd1807bf5b22ec6e16b00c824b326f2de774b45

SHA256
feafc208f5fd724960a01d539f0bb2f8ba81c2029cccf097317d10293caaed24

SHA512
51afb26f064894d35dbd16f6db2705f0d121a986b67731d7f8b77761e099fa1c713d27b25687aab054417644a043c27bb04462166ccf32c75e251b737994fd5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\338E.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe338F.tmp

Filesize
41KB

MD5
f6e37b5b08d4514d8347cb5ed4e670f2

SHA1
0c42b901ed5f2e9e76822ccdab3299b714a89cf0

SHA256
41ac25ee169e9baeccb3d8ccaa3be68b912286125520e56d0ed9854608966a02

SHA512
03cb6ed9236b0e5b679ba92f4e5ca07a1874717af3dcb7f24237c7431bdacfebcfecd46df500083f40f626f5ddef4b18c12feb5338924522dfd9f32751b6f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe338F.tmp

Filesize
42KB

MD5
0ca7e364f6c88b4956cd3edd7525dec3

SHA1
53f8b42fcf4483d71caf530744a34ac82d77ef77

SHA256
c1baba1eab8897d9f7df6fc061da8ecc1319025e860f151c74960276b8a549cd

SHA512
92c1fc2ccca9fae87f3591416de50cc28e932587fe07b9471d5704b3000a85d06a9bf13d57288bcc31a8755151855306135d005d9d7bc58342f585ba5928be90

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr6FFB.tmp

Filesize
25KB

MD5
06a333e7389668c3531a2512b8f97e6f

SHA1
32ba0ff8f401da6ae9bed7a5664d63d29fd75684

SHA256
4755015119bfcd65ae5b95c6f37e48dd2c4a722cd72a925520c49c79fedfea13

SHA512
839d758a74e876d1b6ebe34ae7fc84a2e4ffb2e4c892771dac1ce7e32cf684809a2a4797f407ce8e228aaec48440e5a3a26e15fa11a6729f08fc30e3ef912fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
84b76845654285a13592c9e42b2f8b8a

SHA1
af1373a5c315f3fc3fb18d88ad4c28f6938de640

SHA256
635da8f03b922a520ffb1ad9c4e8c460822cec92bc02c14da4d2455ba0300242

SHA512
a0c1e791d4f571b27f34f37529ac0391557f08edf6feaa9866117924a6e2c0a5eae0c9f88f79f570321676b6fa630933f301324f08915ad13825ce76d7aef33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
ff799b261e9b1b281e263522b50a1194

SHA1
f6bf53b90d744a6ea022fa3727305ac7e40fbbed

SHA256
8a17c2dc2e4106d1f12ca2274d0349956f1d96acc135f40b614f75268a79a13d

SHA512
b511d04e2f0187785e2ad1cc0518599fc622505df43a1054f64138a5d3f85499d352c5223ee019eb13c10739887fbd67e439959612b4440a374aae26dfdeca3a

Download Submit
memory/2340-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2340-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4260-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4260-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4260-19-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads