aa0e6657837f655c76d0d28ca748b1c8a917337459bc2c7deeb1688dc628ec4e

Analysis

max time kernel
1s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a888b6f553a234b701c21546fa0b541.exe
Size

208KB
MD5

3a888b6f553a234b701c21546fa0b541
SHA1

0fd1bbca094ddec1d662b83340a4aba8b87bf1d0
SHA256

aa0e6657837f655c76d0d28ca748b1c8a917337459bc2c7deeb1688dc628ec4e
SHA512

dc0664bb8dca7a71959d0deec9c92e608fcc31c7a56a5f785bafd10d45c15565e624b1846548003d04a47b3d6260a4c492851cd3c21ecb93c53b2ed43ce0e683
SSDEEP

3072:Ql2/rrWprOG4IjPexw7mB5LAYJxe+vbW7JVPFfraspRCEZLvBjwiUDGJ8Mub:Ql2/rr+hjQUMkgE+vahrTC+BjwiUCJI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3664	u.dll
3908	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 848	3176	3a888b6f553a234b701c21546fa0b541.exe	17
PID 3176 wrote to memory of 848	3176	3a888b6f553a234b701c21546fa0b541.exe	17
PID 3176 wrote to memory of 848	3176	3a888b6f553a234b701c21546fa0b541.exe	17
PID 848 wrote to memory of 3664	848	cmd.exe	26
PID 848 wrote to memory of 3664	848	cmd.exe	26
PID 848 wrote to memory of 3664	848	cmd.exe	26
PID 3664 wrote to memory of 3908	3664	u.dll	21
PID 3664 wrote to memory of 3908	3664	u.dll	21
PID 3664 wrote to memory of 3908	3664	u.dll	21
PID 848 wrote to memory of 3604	848	cmd.exe	20
PID 848 wrote to memory of 3604	848	cmd.exe	20
PID 848 wrote to memory of 3604	848	cmd.exe	20

C:\Users\Admin\AppData\Local\Temp\3a888b6f553a234b701c21546fa0b541.exe
"C:\Users\Admin\AppData\Local\Temp\3a888b6f553a234b701c21546fa0b541.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4BCE.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:3604
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 3a888b6f553a234b701c21546fa0b541.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3664

C:\Users\Admin\AppData\Local\Temp\4C3B.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\4C3B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4C3C.tmp"
1⤵
- Executes dropped EXE
PID:3908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4BCE.tmp\vir.bat

Filesize
1KB

MD5
e88f21a829f04c02fc51b8f478919eb1

SHA1
08abda4d48d783df8cb487cfb7d0edf763b96848

SHA256
d2094e9feb861206a458a758bd550ed020f5582d4b8838900c4a77f44e933a33

SHA512
e6ba6c90a8f37fc1c1d8390716cefb2432dce67f55b973820153d7d0843e2960bb1a52a69732b654d8c80a030b25c86f62c760432fd83168aaf8c39dec91d395

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4C3C.tmp

Filesize
24KB

MD5
0761d37b969cc4366e7270e7a2263bb1

SHA1
6c5e1d57655b72f878e488d6191285aefacb6895

SHA256
dde7be8b9e49560cfedc381a148b31275675b04dcc4ec63eb2e6b8de9839da85

SHA512
c5bb26b07329f1b19b4c3082fa91aa884f5176a6c04a71cf057c2ae16691b88ef1b3ee37a144de4fc27322c212195d0fe4e1cea8bef684e50502fc3e2609839b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4C3C.tmp

Filesize
36KB

MD5
2372cf3b6266329db6d1a6148f55acb8

SHA1
a7f454da024d90c483947462ff7fb439ec8210e7

SHA256
8ad48d22b1705ed704d2a4e5ad3fbfc75128a717623edaac57001e8badfd514b

SHA512
bbf82b24577733416c3cb8431989267e4a5647529a9c537e7e6fbdd0a92d02d00e806d2b60b2521342a217ab1083cee55f7bdd3442dbfc5ba782a6cb1db07fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr4D07.tmp

Filesize
13KB

MD5
10992eea08679b138df5e6eab7cd0acf

SHA1
a63ec2bf2f128e2a2bbc3f0ec07f7cb83fc11aee

SHA256
1ae1272c3500cee8552cc5eaaa658d8d86cac1b4f107f995095c64db51a8539a

SHA512
805020a974c91ab5446a95ce1650c406e2f2cc1cc37d8a03acaa38b0a1b5b08d16612267be16dc4a879bc732f93e1e2dc28e8619beffb8258fcbef918b62f910

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
44KB

MD5
ba5e44d48352c3e180cb4fc1bcc28465

SHA1
19cf5208e38b7034e328c12bf7e7e4c68152e7be

SHA256
a85e2452afa011f9dc210cbdefb1133368d69528d99330fc3a95ed2fc4b3cc05

SHA512
4c8bf315107e1002c22343571887d98bf1d899ed69a5776f3bae5f1d0c2fd843a36c1aac7dd9cdf44fb5803d27475b98272eadc5fb2d9124dfb257c81ed1afde

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
104KB

MD5
41663233b8d06dd929ec31bcfd39ea1a

SHA1
6bfd00100fd634ce984c1898d80ce8770c29d265

SHA256
67ee19556b811dc3c246071cf745dab186dd1228297afebd713742a405dc33d8

SHA512
37a87d9de390cff432df3eeb05122814d63770f79644c39b749994543f72cd710a59d7344ed458e7879b0e53aeab8059e3b47e951e70718180fabb75833a36b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
73KB

MD5
4a115fed5bb76b549ab69a6807ca4ada

SHA1
a85234b95ca09f98a00145daef67999d11929fd8

SHA256
6ee140ba824e052f88525f7b3d4f02a0623b350e9621d6f9f46eec1c173a67eb

SHA512
39116cb50c518b93f65fdc71296a1060e06aa8a2853bea640f3bc9522d7c5d5a78f34c4bd30aa88a3516f25ca5f21e4bdfa1b8233a4a7ad42d91a21da6eb39b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
43KB

MD5
4169587ebd0b701d8bea6cfec933358c

SHA1
8115bc035438f07d0f68203e3ec049c754b53f5c

SHA256
0c4a617aeaa44503607ab6f85cab9aaba596127a5f1a868f047b965b7b7227ec

SHA512
2446cecaf731c54f16246903c5c423727c02f2b5f8e92bd49e0fae87dd57ce7666ac7a1b600e820d6e57eef6f9e1887b2ff09a3ed007c4fa9da2f072c6a94fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
32cfeb3857d06dc6983d9da07f96715e

SHA1
7ead9d623ec1114c47a9337a19f93c38215d79af

SHA256
a26042fe1f87cbec1ac420c4d6d7c490abb05fb74323ea84baa3582bee1d557d

SHA512
c7f4afcdd0361ddf916de7f34dc6bd7f9151840464d434cef5b876ab1b283951f4ca71480cf4cda4b05071422ad49455a03959ac69cd7699a01fcd285a78fd40

Download Submit
memory/3176-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3176-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3176-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3908-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3908-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads