313098e774018f4361923fc875a9cb2d9e6f073e74908deba605b8d2d9362c36

Analysis

max time kernel
147s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47a7a10865dc1b53c0b67bebe61a4422.exe
Size

208KB
MD5

47a7a10865dc1b53c0b67bebe61a4422
SHA1

bce14f250ae0fd85cf4d1dc2aef5be64148603b9
SHA256

313098e774018f4361923fc875a9cb2d9e6f073e74908deba605b8d2d9362c36
SHA512

9f0182a7da56190f14694679084feece4857de277df8d1cef9487f886a2a2219bb34284eafa92a45ff328504d31b3c1a3046c554519450cabd5d4482f170467f
SSDEEP

6144:LlhZKAY72fMsp4DSbP+KY5P6tRneYHOV7+RaCnS:BF4hSxEP4Rn/OV+RasS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2472	u.dll
1012	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2384	872	47a7a10865dc1b53c0b67bebe61a4422.exe	89
PID 872 wrote to memory of 2384	872	47a7a10865dc1b53c0b67bebe61a4422.exe	89
PID 872 wrote to memory of 2384	872	47a7a10865dc1b53c0b67bebe61a4422.exe	89
PID 2384 wrote to memory of 2472	2384	cmd.exe	90
PID 2384 wrote to memory of 2472	2384	cmd.exe	90
PID 2384 wrote to memory of 2472	2384	cmd.exe	90
PID 2472 wrote to memory of 1012	2472	u.dll	94
PID 2472 wrote to memory of 1012	2472	u.dll	94
PID 2472 wrote to memory of 1012	2472	u.dll	94

C:\Users\Admin\AppData\Local\Temp\47a7a10865dc1b53c0b67bebe61a4422.exe
"C:\Users\Admin\AppData\Local\Temp\47a7a10865dc1b53c0b67bebe61a4422.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9357.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 47a7a10865dc1b53c0b67bebe61a4422.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\954B.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\954B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe954C.tmp"
      4⤵
      Executes dropped EXE
      PID:1012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9357.tmp\vir.bat

Filesize
1KB

MD5
61fe045aa65711274c22f0763f4ba929

SHA1
bcd4afa9e4852b5f2f20aead3d53ded1168a693e

SHA256
99dd5afec1ab61d3bdf5871ae71cd6439e9e0e08a4691c8fa36825aefcf96e49

SHA512
5b4767a03e18d630311ee4b108c27f9028d69c89f45e40bbacbc9ea70414caeb83eb472c50ee7db7ef5bf4ba9b4c88d0b578799c5b94654a88ca5762cba2179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\954B.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe954C.tmp

Filesize
41KB

MD5
128d8a474434f0011d52427b0a8c0b6b

SHA1
873bc2da212534e2b9404d4bbec121daa4a2dd07

SHA256
541bd26d081ab2f2c77a06f817021e79cf8887bdeaf1bf2d9959f89387957209

SHA512
824bed7c8b309c35e20cef0d75588a4f6892be98cb2e59feb35e1ab8445feed354521ffb1e014366e08eda8fed6ddc6343284be56f1692bad4701229d7d0c935

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe954C.tmp

Filesize
741KB

MD5
0cc2d99fcb893c9dfdb668702f978fe7

SHA1
06402f28d5321606f7f56859a4d41e06821a8f31

SHA256
f6dfece6d3039a28d74531ba74097fef3d2f93b9d59026a79f81e86adaaa9639

SHA512
d16d009abaf8a0578170962e514a7d369555a775078b7778dcf4f1d6ac19110e894e7f500276aecf7fbf4b813569974f9b9d4dc30e445b6976b2f07c935b9fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr98A6.tmp

Filesize
207KB

MD5
b59d8750b9d3a3f3ecfcf5b6652fbe61

SHA1
095a87bcbce8f1fda33118ad7c8570b11e00d78f

SHA256
108e9bfb15bae0e12fcf70f6606a7c2021c2255519e1377c2996285d3dba9c3a

SHA512
a534ef10bb56dce05535f4879d128ef26cd378a35e42c1295bda1625d3fb32248840bed4ac356e121ebfa29fe09684fb3eff0ab66db78ebfe244c28d10cd0d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
0d7a5598a61ab90416f47e5fbe8ecfe4

SHA1
79a72666f18bd5dd42b48cd7133ea17129bda0d7

SHA256
db399314f93f2a2e2d816a345571076401b968634ec12ab7b131e41fd79a2b72

SHA512
aec3e28d6c728cd257bb9f595569f7606d8ff6da5fc840ae874f81f8145edfbf0ae4c78fe597817045d22ba12281ed48a3bdb51d6e116848757c76d15492feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
e8a722f87bdd9cb2661fc5cbc84ba310

SHA1
c4976dc53ce86a3df9f52d2d37815ee0d3e9b38d

SHA256
0fa5560f7138ec10319d9cf9d30008671e339974a7d1a47d9c8c64add6adc919

SHA512
7413dc3cc032c27c7979b673b7c4af48f4f5754784498285f7bbc091b24d73f854b3cf4b7ccaef176a76367c71692a5d1a643d649488deecd8722ecb49f26d18

Download Submit
memory/872-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/872-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/872-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1012-54-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1012-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads