3d0932e4807b81218e291e619ac0f971a2b2116ccb31655dff4cf2428cced9ac

Analysis

max time kernel
143s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 22:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

54d0ed7e99d84ccb63e403667461a107.exe
Size

209KB
MD5

54d0ed7e99d84ccb63e403667461a107
SHA1

dd0d482a0e7688a7a6cb9ae334f72db37ca5b807
SHA256

3d0932e4807b81218e291e619ac0f971a2b2116ccb31655dff4cf2428cced9ac
SHA512

d7780f3b77cf71f9b298ec573bbb2920ec84431b765d84fdeccce44e7287af02b01ae16ff0a055cd3a1b7dc1dced29326d99f8bd7f2b3f7007808d492058f9be
SSDEEP

6144:qli5VpBKEb4dAfQl9OBvsGee2h6P5+aUO5+lP:NME0J9OBvsMUOCP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3164	u.dll
2664	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1072	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4624	3356	54d0ed7e99d84ccb63e403667461a107.exe	91
PID 3356 wrote to memory of 4624	3356	54d0ed7e99d84ccb63e403667461a107.exe	91
PID 3356 wrote to memory of 4624	3356	54d0ed7e99d84ccb63e403667461a107.exe	91
PID 4624 wrote to memory of 3164	4624	cmd.exe	92
PID 4624 wrote to memory of 3164	4624	cmd.exe	92
PID 4624 wrote to memory of 3164	4624	cmd.exe	92
PID 3164 wrote to memory of 2664	3164	u.dll	93
PID 3164 wrote to memory of 2664	3164	u.dll	93
PID 3164 wrote to memory of 2664	3164	u.dll	93
PID 4624 wrote to memory of 4436	4624	cmd.exe	94
PID 4624 wrote to memory of 4436	4624	cmd.exe	94
PID 4624 wrote to memory of 4436	4624	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\54d0ed7e99d84ccb63e403667461a107.exe
"C:\Users\Admin\AppData\Local\Temp\54d0ed7e99d84ccb63e403667461a107.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\19CC.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4624
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 54d0ed7e99d84ccb63e403667461a107.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\2054.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\2054.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe2055.tmp"
      4⤵
      Executes dropped EXE
      PID:2664
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\19CC.tmp\vir.bat

Filesize
2KB

MD5
3555f3c0cce0158cde70ea4e2bf7bdfa

SHA1
2c26513fa8829da875dceaa5a38b601bb112bec6

SHA256
9866699d851530f567a41ddbdd404c948e69ab803f33d856cdc0426232107058

SHA512
1c7ebf2aba7f761cc85fd3f6fe83631ff69f873ebeb855fb3849511f2af9e19e7f268a622a7e832b973869167a65377b51c434febb0e8f6b6f8972cec0dd3671

Download Submit
C:\Users\Admin\AppData\Local\Temp\2054.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2055.tmp

Filesize
41KB

MD5
f6e37b5b08d4514d8347cb5ed4e670f2

SHA1
0c42b901ed5f2e9e76822ccdab3299b714a89cf0

SHA256
41ac25ee169e9baeccb3d8ccaa3be68b912286125520e56d0ed9854608966a02

SHA512
03cb6ed9236b0e5b679ba92f4e5ca07a1874717af3dcb7f24237c7431bdacfebcfecd46df500083f40f626f5ddef4b18c12feb5338924522dfd9f32751b6f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe2055.tmp

Filesize
41KB

MD5
3e16ccd0f9128057a138e3a6a5c43e19

SHA1
c5c5e069ad2e7b5c317c1453949b3213e93f8a78

SHA256
1f7aa3ab8049c6aa65a2343a14132b9d88f08dc3305b9a9d73b0f949b5f8ff1b

SHA512
683928cf79bb57dc809f02435e06f4e1ab8ee06777b97a1d624d96bdde3d114a664d65040777829aea26701eb502b2ba35a5f23485750b81fd9553d840907607

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr30CF.tmp

Filesize
24KB

MD5
8c4bb4774bc8c5f06ff907bdeb1298a9

SHA1
da0f8151278a50f69dd270ec1e68fced19f3e414

SHA256
c1489e93207a2cdc0d0bde29749879ee513dc5687f425ffa7aedd8ad43fae0ec

SHA512
c9d859d5d33a2d82d2efa971dc1b55a62a3988214ee42467aea8b57c1ba975db14d37a9ada74f09593cfcae42fb61661d3ecc29aa76d8921e17a51bf714c2763

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
84b76845654285a13592c9e42b2f8b8a

SHA1
af1373a5c315f3fc3fb18d88ad4c28f6938de640

SHA256
635da8f03b922a520ffb1ad9c4e8c460822cec92bc02c14da4d2455ba0300242

SHA512
a0c1e791d4f571b27f34f37529ac0391557f08edf6feaa9866117924a6e2c0a5eae0c9f88f79f570321676b6fa630933f301324f08915ad13825ce76d7aef33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
7614167f4151a78f1e1d004a26297ee6

SHA1
acfb32eac82a44a233f313c6e311019afd4cdcd4

SHA256
5a7c357e125bd5b581f5b06acb42cb626a71e21390043c5f220a900790fa5508

SHA512
a2687b096678b2f9061a9ee6d5d3ff981ab6c666d0a2c616c203add9cd8f25e328b9429adf39ece19136d048917b668da3a3ad82fc1d3a8cee460a46f4890ed3

Download Submit
memory/2664-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2664-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3356-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3356-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3356-54-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads