ea37eb2bef7e1b335efeeaffb58617b3d02821a248b2bfa16b5f3be6e4740e77

Analysis

max time kernel
1s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a05be0f3722509a76e1b7e3ae514c2d.exe
Size

209KB
MD5

1a05be0f3722509a76e1b7e3ae514c2d
SHA1

9e78d9f697657f5e886d7931246a3d139c5240b8
SHA256

ea37eb2bef7e1b335efeeaffb58617b3d02821a248b2bfa16b5f3be6e4740e77
SHA512

2af2fa7c0cf97d8db5f821f3ce9ab9f79745756add4de1e9d0f97aafcfab18f5aae307bd015e17a57730c98999733236bf4db161c83929d013e57052f2f42b97
SSDEEP

3072:jldkpImZmosiqHaW3QZ1iq2rKC+JZoGdkKvFUtPS2xhomCMQ9N:jldMZm3nHaWmN2uNV/atrxhomo9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3232	u.dll
956	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2748	4652	1a05be0f3722509a76e1b7e3ae514c2d.exe	23
PID 4652 wrote to memory of 2748	4652	1a05be0f3722509a76e1b7e3ae514c2d.exe	23
PID 4652 wrote to memory of 2748	4652	1a05be0f3722509a76e1b7e3ae514c2d.exe	23
PID 2748 wrote to memory of 3232	2748	cmd.exe	22
PID 2748 wrote to memory of 3232	2748	cmd.exe	22
PID 2748 wrote to memory of 3232	2748	cmd.exe	22
PID 3232 wrote to memory of 956	3232	u.dll	19
PID 3232 wrote to memory of 956	3232	u.dll	19
PID 3232 wrote to memory of 956	3232	u.dll	19
PID 2748 wrote to memory of 1908	2748	cmd.exe	18
PID 2748 wrote to memory of 1908	2748	cmd.exe	18
PID 2748 wrote to memory of 1908	2748	cmd.exe	18

C:\Users\Admin\AppData\Local\Temp\1a05be0f3722509a76e1b7e3ae514c2d.exe
"C:\Users\Admin\AppData\Local\Temp\1a05be0f3722509a76e1b7e3ae514c2d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4B80.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2748

C:\Windows\SysWOW64\calc.exe
CALC.EXE
1⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\4BFD.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\4BFD.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4BFE.tmp"
1⤵
- Executes dropped EXE
PID:956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\u.dll
u.dll -bat vir.bat -save 1a05be0f3722509a76e1b7e3ae514c2d.exe.com -include s.dll -overwrite -nodelete
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4B80.tmp\vir.bat

Filesize
1KB

MD5
4808a15072a754067ba0a05ad2a6da80

SHA1
4bcdb31f88a215292dc5bac898d2529585c871af

SHA256
1be34a9ca66196e08b399141a9791e7531fdd83824694d42c9b55ef65c4e3209

SHA512
490642b1f5f52a1ba12d482437e25a65b45846b34dcb4d8416e07bfb46f830e2a96f7f4b52abc632ae3e8a2d968e95a3ecb86ed264b22b939d2298a034788675

Download Submit
C:\Users\Admin\AppData\Local\Temp\4BFD.tmp\mpress.exe

Filesize
14KB

MD5
5cc6c6ad21f85de29194e78254d1b453

SHA1
45fa4ddffeb6bb6ac280b50aa2ecf4b7afde8c27

SHA256
ecefbc87130924ecdd69f719110b21d2bb6204c3bc1a49d48d908c12c7657b24

SHA512
5eaa82426f49fc70c1afd6c8cc598343ec405e3e1f5c7b0243ad6c2ff90bf6edade6b0f14da4c4b4aac94e84db9a020d342d2adf17dac933c04d331b64c854e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\4BFD.tmp\mpress.exe

Filesize
84KB

MD5
81a89cdbe1ca589fcf278f401d96c6c9

SHA1
3da8f8962f1117d2a2b1e8be54ecc50e912b57a4

SHA256
9a482bcfb451dcd027dc488f86aed7ea485a2da69c8d7ae9fb386b0492f667f6

SHA512
2b065c117537c823df9b0e4eceed5e5fb6843a8ead63bd5c94177a55f92a0a21911803aecaceb0838b01943284633dcfd8f59eb9cbf66e66afd6f2c2ed475118

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4BFE.tmp

Filesize
29KB

MD5
20f25f43df4ac64ef8aa3332d128ce05

SHA1
51aed543a40398d8b4baf35341c89574e918afa8

SHA256
7add5b6eb3b94df85892696364ef315b99b4a17e371670a845ba642248c31c13

SHA512
815406426ec585fdb3bfbc33d3892834f132fd151ecfa62699fca61a2a1f801d1ec425400bb2b17c5a8b4af868c1cbc39543c30c05c1b8cfe65e9d4ee3610b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4BFE.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4BFE.tmp

Filesize
1KB

MD5
1fd30d21e6552fcbe3dd2a562bc87c17

SHA1
172473f42e5032d7325decc1913b9c7adb4138b0

SHA256
65d52b4d307872463cf5d80571225a4408be42371bde7a49714955ce462ea88c

SHA512
b50525909af88074110250e6065153a32ce01fd36aa26272456c65a190b015fc9cb192a319a237b8bf340643abf3c1f82cc1d5eb749387591e2ea140566314bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr4CB8.tmp

Filesize
24KB

MD5
b799e4b3cff5cefeb8355cff4153f617

SHA1
cf39041f0b03033f148329b62c2f593ffb3ce8cc

SHA256
e6f5642d95d82404f0c87ce3b455c662ad247d533cc01b0f454d194b244207c4

SHA512
62e28c9cf91fd311d2dee021062a92eacf482455842a6f835afedfb368d84de089569ae032a37c85c05c4cc20d1e1aeeda2cda6e673fa42e00b80b19974b9f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
47KB

MD5
39491590c3e84056fbb6b3f0c40e3f45

SHA1
6c8b8381b6a13b4cc37cea581aa7b6c8547e094f

SHA256
52b679e430b5e2b786ea3eac3cd02cc75609d64d2a2ad927a0cbdf780f40178d

SHA512
5cb401ea18e9c39f65c368fa0abb0f29fdc7c509315b20f66542c73164147c471084c5d42ace2aebfc9cd7906e42906f9cc8ff1fe4b12f50d3757d58b80bd8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
ace4bef1eaa126302be21c4105cc6ea3

SHA1
227744c90647355a13c84178f9fedac3f75fdb97

SHA256
8a675772564f80e1e7c4e51cbb64e1ba19990a010b112abc5f050100a6765c66

SHA512
b4909dc9aabd8f478717a08e14648bc131b6176ac794991bd174f61dff9c3d15b0635352cce622e8088515fafbc447dd15717b3c2001ba34f86a19ba2abc4029

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
64KB

MD5
58bc6279e7133841426803dfacd2c96f

SHA1
c1cfdf8a8239a74eb9647920310b20adcfea2b98

SHA256
f10ef1814b188c45e6bdc86437cd89c90949cedbc7bb3161065123790c338701

SHA512
aba33ddc7cc7126cd028d23edb062920a4bae32b14f9068cfbf1ce4669caf6536f48b1bdc209d6b2852d125c4339da324c2b9220babc3d80ce1fd7d943fa98cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
4622c8f8e6f517312d81de2263cfbff0

SHA1
7290a3ec0fbd7388fd2f69c6ded0c81e0b3bfaf0

SHA256
29d45010d8e0a134f184258aaabc0d704af4423a178a9dcdc88a24c3065f3c7c

SHA512
57ffd332cacd940635d5312c549516fc6d6771eb4b25f33041d0f512b6152195b3ca47a0081f35b62717724976914fe1b9257d8d8f9002fd9d6f81f0eb2ad03d

Download Submit
memory/956-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/956-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4652-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4652-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4652-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads