053bbbda869d3cd0f1f00178cf4fae3b6ef85f06bb3eeb874c2ca9f4af1670fc

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50a2d7e4a6cfa3e8596ac960deee46f3.exe
Size

209KB
MD5

50a2d7e4a6cfa3e8596ac960deee46f3
SHA1

1ab53987da8edb27e0992326f492e01cfd21529d
SHA256

053bbbda869d3cd0f1f00178cf4fae3b6ef85f06bb3eeb874c2ca9f4af1670fc
SHA512

4588d973b31967093881c243c57330bd46811c00a5ac163bb698ca78eaa11db11d30cb88561c10835ff0e9e5c79806a15da902c74669c64d5e00da5021073580
SSDEEP

6144:DlUzl29na2Fi859T5Lue+PMXav5TgwzSW7:m49a2FDvJFKBTgw+W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2880	u.dll
4172	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2932	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 460	3980	50a2d7e4a6cfa3e8596ac960deee46f3.exe	89
PID 3980 wrote to memory of 460	3980	50a2d7e4a6cfa3e8596ac960deee46f3.exe	89
PID 3980 wrote to memory of 460	3980	50a2d7e4a6cfa3e8596ac960deee46f3.exe	89
PID 460 wrote to memory of 2880	460	cmd.exe	91
PID 460 wrote to memory of 2880	460	cmd.exe	91
PID 460 wrote to memory of 2880	460	cmd.exe	91
PID 2880 wrote to memory of 4172	2880	u.dll	95
PID 2880 wrote to memory of 4172	2880	u.dll	95
PID 2880 wrote to memory of 4172	2880	u.dll	95
PID 460 wrote to memory of 2476	460	cmd.exe	94
PID 460 wrote to memory of 2476	460	cmd.exe	94
PID 460 wrote to memory of 2476	460	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\50a2d7e4a6cfa3e8596ac960deee46f3.exe
"C:\Users\Admin\AppData\Local\Temp\50a2d7e4a6cfa3e8596ac960deee46f3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\445C.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:460
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 50a2d7e4a6cfa3e8596ac960deee46f3.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\44D9.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\44D9.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe44DA.tmp"
      4⤵
      Executes dropped EXE
      PID:4172
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\445C.tmp\vir.bat

Filesize
2KB

MD5
b27ca5fb9b244bc5735cbe6e24be25f8

SHA1
0635f80dd9d507a156fb9ef295d331b9b2da837c

SHA256
1d9a5c0de2b8ee3a44066c42d27f239aed93d76bebf3220b5366da132dce0491

SHA512
4da97f624bfc6b8dd1effbf1aa4d416c62789387cae257c2b1f1f165a03e1a4ab7755642167f21b2263601facfc9c6bb5037c8e3a27cbf1fde28b553c4302a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\44D9.tmp\mpress.exe

Filesize
64KB

MD5
fe56f554177a3fb37d1288438f25484c

SHA1
e1109031057902b9e4d27712c7b8d889cd3f7241

SHA256
5ce33d0d34d017bb7883185a13b71f15db980eaa7ffd1419567a4c5c42d5bfa3

SHA512
0930529f2023f105ae24b6297ce623cfbb823b43151ac5abe586811e8f8256fe142764ab3199360b67113760da909adf1abd97a6de3f80c0e0fdf695ce96a236

Download Submit
C:\Users\Admin\AppData\Local\Temp\44D9.tmp\mpress.exe

Filesize
32KB

MD5
9302730bbf2239cd31b4e97bb1bcd8a5

SHA1
d702479cb64151ee92404e79d69f6d0180cea018

SHA256
11ed9b6486b48752ec141b22d26431b5f92578280e4e3a49037e8c05efa1500a

SHA512
8021a51a66c2d163bef8aa22c797f29bce7a3688f465d54eb5488481f9e6970fd34ab2e4a274767f103892c2a0bf1206b0bf131f56c9805596269273cdb18540

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe44DA.tmp

Filesize
41KB

MD5
a2c3062fa164e9bfe5a343b4dcbc95c5

SHA1
3a9ab7db5f1a0c958828a58561779800532babee

SHA256
abaa1cf5206bf5b210bb8673e718356cfce1b863f7429df9fb88dff486a9e642

SHA512
cc3af460becb242a8e06c1906b49949a7d7fb4f622950ef9c3479f5143d70bb261c91131b402f98a34268d1d94ef45f4b521a09295360a231700ade6d739fd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe44DA.tmp

Filesize
41KB

MD5
72692c553c3079f0bcb8fd48f3932e39

SHA1
96717590acbe6dba760d276733de99c851ff77f6

SHA256
3d531b15cba31c221ce835fb5ba2b7da7bb6c679cc137116e8d0a092db12b2c5

SHA512
c0d9195d8ecc9ddf4c73ef48ff96f5307837272bb714d0f188915cc2222c9658d653a111a2704336c4ab0f98b349fbfe514f02e93ce52145606c33e29d5ff6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
376KB

MD5
1c2ea4de55905dfa5dfa8bb9a75d1132

SHA1
b1e6ed4c49acee7851f0f90f0a106400b965cff2

SHA256
a3b867f648813eb90af98284a3200f8516b1d1dff1e75b7ac42555c57b974a02

SHA512
b9d46ed2cc49026bebc2820f288c2f0abdecbeb85cf26b9d361c71884d0ecb86ccf015c64300fbd649056381f884936caa694dc03b742f42338399b62151e066

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
518KB

MD5
95aec614a4307a6435b05e1f66dc442b

SHA1
972b08b06415b9c1bb3d79cdf9ffc47e02f5e4f0

SHA256
cd287f2e79042bd4bdc5d5bcaceae5e504f49bfd63ed36b914d5e14d0d68b2d3

SHA512
6a0e7ad0623fefe4a88ab209ee8dabaa05002e1e151265497a99bc2d91e4b7e3beca6c38c58e534ba569863631784aa2da89c128ad02c34c77457934d8c36e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
320KB

MD5
6930b70208d804a356df90dc278f4a95

SHA1
6e2b794a2a259be4145974c6d3f0ec1348310bd5

SHA256
3308fe0a961ae4b4a31df91b642e4fb14bbd7d980bdbae17329f9e1810dfd3b5

SHA512
5caa01b8b3ad4b13c8439a70e3c4f6b7acec51482bf99d2aedf012e4b85e646fc3db4adfca68bffd723637bbe04725cf5454c3b8483466286c8527aef9f46a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
533KB

MD5
f81b84b02927d21873f914c4385ce65f

SHA1
68e8e864493b06a27476bdce7958883873f0f823

SHA256
67355f2fd2508b6ac8341e240fe514f1048be56220a2c17695cc3e29efb80dd0

SHA512
72cfadbfcb727d41bd47e94c334dd8dbd70cec26a7a58e1d7c780ce94a3ff1fc74660e710ef92bdb8cd15eee97766b13ef1145329ed40ca298bcbefe7a083a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
ab02efd1452b61f23d09a86635b090f8

SHA1
040be81519f50dfe0df28ad54f68b5fe43c3603e

SHA256
a096ca3b6fc9d1cf257efb60225eab8a6615e5d5e4c51b77ba710aa8b313ad11

SHA512
855d2515e30e279ac8169713074459bc2a3daab3af02b861b3f9920a0df940e9305ab9faef67ca2963a6582e6ce317cc784461593fd169a752b28bffce5b82e7

Download Submit
memory/3980-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3980-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3980-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4172-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4172-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads