Analysis

  • max time kernel
    1s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/01/2024, 23:44

General

  • Target
    4a16a2eeb25368c6893a2b10323b097d.exe
  • Size
    208KB
  • MD5
    4a16a2eeb25368c6893a2b10323b097d
  • SHA1
    6d6abf154af69a953bde2ed60a71a9d18e4c6ca0
  • SHA256
    a9bfa465d80b94474d989c595dc98d1b23b0c4d02aa31bd1e564c340d84f3a0c
  • SHA512
    e51ffdfbc5bcf0e992b6fe4aec7644fa6b52f1242960a7e751edb1527ff565d19a970b61f0e08775fe06f962637b05f0ffa8d6c120e6a2cf81ece503fe27f779
  • SSDEEP
    6144:7lH4Z/VA799SAT1RPU9ZADrmbjicBhR5uEmTbcPq:ZY699BAZAH+jiahR5uEmncPq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a16a2eeb25368c6893a2b10323b097d.exe
    "C:\Users\Admin\AppData\Local\Temp\4a16a2eeb25368c6893a2b10323b097d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4E6E.tmp\vir.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:512
      • C:\Users\Admin\AppData\Local\Temp\u.dll
        u.dll -bat vir.bat -save 4a16a2eeb25368c6893a2b10323b097d.exe.com -include s.dll -overwrite -nodelete
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:556
        • C:\Users\Admin\AppData\Local\Temp\4ECC.tmp\mpress.exe
          "C:\Users\Admin\AppData\Local\Temp\4ECC.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4ECD.tmp"
          4⤵
          • Executes dropped EXE
          PID:4764
      • C:\Windows\SysWOW64\calc.exe
        CALC.EXE
        3⤵
        PID:3408
      • C:\Windows\SysWOW64\calc.exe
        CALC.EXE
        3⤵
        PID:2364
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    PID:1332
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    PID:3332

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4E6E.tmp\vir.bat
    Filesize
    1KB
    MD5
    3350b31e7a02e683a845888c2554039b
    SHA1
    a03dbf85f7a9923a03db8b8689bd6ac715be8875
    SHA256
    3299f6343b1c9a9df39695f60df3f023b234684444ce15b8d34611d11f092c72
    SHA512
    65c55aba837d4c54a616d58e3337085334f89bbe02bc928e5a583edb04744718d278916fc6534c9b28623f020d176757098122295aae1135cb41a5dd7bdd5134

  • C:\Users\Admin\AppData\Local\Temp\4ECC.tmp\mpress.exe
    Filesize
    100KB
    MD5
    e42b81b9636152c78ba480c1c47d3c7f
    SHA1
    66a2fca3925428ee91ad9df5b76b90b34d28e0f8
    SHA256
    7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2
    SHA512
    4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

  • C:\Users\Admin\AppData\Local\Temp\4ECC.tmp\mpress.exe
    Filesize
    57KB
    MD5
    ad855c26ea2f3706ce13cc626fc3b9da
    SHA1
    303bc5bc3db11a629f6cccfc5b5108ae5bdc9543
    SHA256
    3a410b6a06a351a40e66c1f5509f4c7cf788d07a9cb37d36a2b98bd60c5619ff
    SHA512
    6f2b1f11218be19a9f834969f0ebb8727675f9e0fce428d63ec7cd88d90f357c8a42080c20685104fb8116ed26cab8b39f1eb977d60fd7c4434c72295bedc2d5

  • C:\Users\Admin\AppData\Local\Temp\exe4ECD.tmp
    Filesize
    41KB
    MD5
    5a16fb75977e1799ed52f35a164922e6
    SHA1
    c1697c61c42498f0501a886392ddd2560646b24c
    SHA256
    f625375b30e87216e720919833d9d4e7bc11f0b61a9d2d218817d2ebb140d7de
    SHA512
    1e31f17c0fea7df5bd321ff0015b8226a378b649c43df1111d9467b0f86f3a14e5a7ae9ed00314695f688b7cc0c18e44b3fa6521a8fea5943e4eb9a69a612216

  • C:\Users\Admin\AppData\Local\Temp\exe4ECD.tmp
    Filesize
    24KB
    MD5
    e6463306e4c9e1869c45c0433ea1eb4b
    SHA1
    33512256446775a16d9ec37c2ffbf1c181bbcea6
    SHA256
    c06e36b469862896e2c897a6c5d62904001de12be848452d77aedc560c2630aa
    SHA512
    a1fb58a92a6a57b166092cae0898937d652ea1f0f555f4829094d5efb7cd4763890ce76e35923ebbef6b3981b5565e0feae2484543f38ef999d6f22fc67bb589

  • C:\Users\Admin\AppData\Local\Temp\s.dll
    Filesize
    103KB
    MD5
    88a779d2c56a270e669b562e06900178
    SHA1
    239c9087a29726371bcfd404f3dff783aff5b07f
    SHA256
    11cc5a32831eeac45e407f9704af83a1fc6b91de245daf17dfa881e80b1a97c6
    SHA512
    5e3cdf3229d179c3abccb143f461b88156b3dae31d65d64849642de74026bd0afa3070acb1e6143a21741ce517f3e4b69c198fdc179252b61593831acd8a95f2

  • C:\Users\Admin\AppData\Local\Temp\u.dll
    Filesize
    68KB
    MD5
    2325c3435c52cf4a0a62ac016df6daaa
    SHA1
    f448f71ebc6ff475d59dc7b3884b087b7edfe770
    SHA256
    130b46e715d57ce9ffd9b8a06215f6a4cd60a4ad245c3815ca19882790eab74d
    SHA512
    c917b7d43c72aa280379e4f527811f2b44d2327113d06ed9457b6dff67c0400a9117fb6effc73ce28b3725058861769a69817e42d16ffb0bd0b6558668e1f307

  • C:\Users\Admin\AppData\Local\Temp\u.dll
    Filesize
    117KB
    MD5
    732079ec40108bc90646a01f70591827
    SHA1
    84f97eb9184e2157c73c343c6790d4c5fd40ef43
    SHA256
    bdc06b10223c46033b4de87ac659c088b66a0ca2f9b53096086839bfab3296eb
    SHA512
    089538f6e9a43e05d473a34fa9efcc976249b05ea6351b7d243addf0e1d0f7b0e7582305f24325c35144c83d98b5e94b58ed7a336677ca680923883d30af1dc3

  • C:\Users\Admin\AppData\Local\Temp\u.dll
    Filesize
    271KB
    MD5
    e5dd02264fc60a88b9d27e9f9d63053c
    SHA1
    fc57944674d220b50b94d3c8a61038675fd60ad9
    SHA256
    9e57a5a588b0bda5c205126bc3ebfa50c81aa1e61f687af576d69ea4ae3f2f66
    SHA512
    cc3a1ef4e43caec6f540540cc43b32a1fb8e29a9bfec6cd49850001bc63502f160609d26f480bf667057661f138e21a09be8638713734745842887b3722f8c0d

  • C:\Users\Admin\AppData\Local\Temp\vir.bat
    Filesize
    1KB
    MD5
    116ae338a55d43083bbb8840b6bf003e
    SHA1
    1b84f9329bfc6268031593a2d0b01f12ff395dd8
    SHA256
    75e4a0e3f6356a27707c78acf6300edd14fa0857fde677b5dae9b0aa351842e4
    SHA512
    56c4f411091eb5fc047da2c30b3dc86638c92f88e0441ae166998c60c3751c32891638083cf197401e1a084fcfa2542257dc09a3de03b83c7fc88f876c1e6f22

  • memory/3812-0-0x0000000000400000-0x00000000004BF000-memory.dmp
    Filesize
    764KB

  • memory/3812-1-0x0000000000400000-0x00000000004BF000-memory.dmp
    Filesize
    764KB

  • memory/3812-71-0x0000000000400000-0x00000000004BF000-memory.dmp
    Filesize
    764KB

  • memory/4764-56-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize
    208KB

  • memory/4764-63-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize
    208KB