929d6dedb06e32de238ea60b4923f30385efee26d68e542d32775ee2989b3e5c

Analysis

max time kernel
1s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

488aa6ef5fb22ecc988f52397ffb6edc.exe
Size

209KB
MD5

488aa6ef5fb22ecc988f52397ffb6edc
SHA1

2631a533b03eb78605f5b51338a96958b1126975
SHA256

929d6dedb06e32de238ea60b4923f30385efee26d68e542d32775ee2989b3e5c
SHA512

f85c7470547d3129c6496220fc33e570ded64e34ab59af2615aae629f9c15b3c8816d0882a9ffe28eed992abaf2765aa7a78ac6f88ed73199a90e51c7fef3913
SSDEEP

6144:zldu+vpEnwIO9VwSiO3cW0FHXXqQ+4rLY2:vucntbcDhnqh4rL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4968	u.dll
4284	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 4484	3788	488aa6ef5fb22ecc988f52397ffb6edc.exe	22
PID 3788 wrote to memory of 4484	3788	488aa6ef5fb22ecc988f52397ffb6edc.exe	22
PID 3788 wrote to memory of 4484	3788	488aa6ef5fb22ecc988f52397ffb6edc.exe	22
PID 4484 wrote to memory of 4968	4484	cmd.exe	23
PID 4484 wrote to memory of 4968	4484	cmd.exe	23
PID 4484 wrote to memory of 4968	4484	cmd.exe	23
PID 4968 wrote to memory of 4284	4968	u.dll	24
PID 4968 wrote to memory of 4284	4968	u.dll	24
PID 4968 wrote to memory of 4284	4968	u.dll	24
PID 4484 wrote to memory of 4516	4484	cmd.exe	25
PID 4484 wrote to memory of 4516	4484	cmd.exe	25
PID 4484 wrote to memory of 4516	4484	cmd.exe	25

C:\Users\Admin\AppData\Local\Temp\488aa6ef5fb22ecc988f52397ffb6edc.exe
"C:\Users\Admin\AppData\Local\Temp\488aa6ef5fb22ecc988f52397ffb6edc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\824F.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4484
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 488aa6ef5fb22ecc988f52397ffb6edc.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\82CC.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\82CC.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe82CD.tmp"
      4⤵
      Executes dropped EXE
      PID:4284
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\824F.tmp\vir.bat

Filesize
1KB

MD5
ec3b1ea59faebbd2106e080ee05f856f

SHA1
ac5b113b51d795d199521781cdb94f00f600b77f

SHA256
764a803458a531da1283da100f63af4c7628231d49826659e7f4f718fad9f393

SHA512
eb97ea581f9468bc98c9b9657a599fb283ccc6cf5671593a13a16277677d3d9552399a9e4b50c8ee035029de3bb6731d3bbdc5307f73e41e8d148185e22c3838

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
94KB

MD5
f2a03a6beb16bba96be9ab72a1526bdf

SHA1
01a64798a011ee623981a0de68c26899584dd3e6

SHA256
d46ee06d49c794f687ba714ac95a27ae032605657af12a2c7c6c113050da941d

SHA512
a30d13c2977519ae7698378577f3fa80efe0c8fca5d706e552249f5b828616767ab57babc054bd7aa8e086ab60974b88e7c9b087622e25a45faa62864855daa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
92KB

MD5
3ead3d1666a7ba5496ca7f0bdba490e6

SHA1
1c2707e1ed0b80eceb9e222e7c12e922e1ad1a13

SHA256
9c86a7b9cbd93a18253b5101b8a4272f9396e752177b5a49520384df06f18f5d

SHA512
147d684c5f73aa2aadc05c01c9aa31e887242edf53b97f151024ddf84384b2517dc6bd9a7bb52d9c607f47583b7b4868e809ad042e7f8e951e6a331004c62335

Download Submit
memory/3788-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3788-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3788-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4284-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4284-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads