e5e8b1217cac444e0f89a69c678a0687a25a4dbdcc63a102b4e675944b97d469

Analysis

max time kernel
169s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51fd50df40d19d13b412383197889471.exe
Size

209KB
MD5

51fd50df40d19d13b412383197889471
SHA1

67a8984b803f9543de5307d04381bf378675b138
SHA256

e5e8b1217cac444e0f89a69c678a0687a25a4dbdcc63a102b4e675944b97d469
SHA512

14248e5cc0d24aa33bb679a39300c64c35c08f1a22a763a8f96ee063af152c74220e24237b0a57c2a20b9ad76df01e88fb636a7cc9f0dd7288aff69006c78ab8
SSDEEP

3072:FldnAR6Ox0hqHb04xgQW2XGjrfWkv7gVyEW8947OhYCHGXODvjLiOoRda1E/ejuK:FlddzozE2XGjrWD7bubC6273E/kEl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2632	u.dll
1268	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
916	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 5076	3452	51fd50df40d19d13b412383197889471.exe	95
PID 3452 wrote to memory of 5076	3452	51fd50df40d19d13b412383197889471.exe	95
PID 3452 wrote to memory of 5076	3452	51fd50df40d19d13b412383197889471.exe	95
PID 5076 wrote to memory of 2632	5076	cmd.exe	97
PID 5076 wrote to memory of 2632	5076	cmd.exe	97
PID 5076 wrote to memory of 2632	5076	cmd.exe	97
PID 2632 wrote to memory of 1268	2632	u.dll	100
PID 2632 wrote to memory of 1268	2632	u.dll	100
PID 2632 wrote to memory of 1268	2632	u.dll	100
PID 5076 wrote to memory of 4496	5076	cmd.exe	101
PID 5076 wrote to memory of 4496	5076	cmd.exe	101
PID 5076 wrote to memory of 4496	5076	cmd.exe	101

C:\Users\Admin\AppData\Local\Temp\51fd50df40d19d13b412383197889471.exe
"C:\Users\Admin\AppData\Local\Temp\51fd50df40d19d13b412383197889471.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\92F4.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 51fd50df40d19d13b412383197889471.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\BCF2.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\BCF2.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeBCF3.tmp"
      4⤵
      Executes dropped EXE
      PID:1268
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\92F4.tmp\vir.bat

Filesize
1KB

MD5
ba1673527cd0da012485176fc62f4c8d

SHA1
41bbfd85a34b7d471a61523aff4016e5b63d6d40

SHA256
f8a421f124a996add3c62fe2decd90c39438accf64516888e90a4902bc506a8a

SHA512
9ac5b7957f48fdd93b7549bb84f6da9fe5014d073649fedbc889e7afbcf4b83b9863a98f0e6bbc21e96ad563bfe6ba838248b59f3584304cf0926f25bc696f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\BCF2.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeBCF3.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr1A74.tmp

Filesize
24KB

MD5
b799e4b3cff5cefeb8355cff4153f617

SHA1
cf39041f0b03033f148329b62c2f593ffb3ce8cc

SHA256
e6f5642d95d82404f0c87ce3b455c662ad247d533cc01b0f454d194b244207c4

SHA512
62e28c9cf91fd311d2dee021062a92eacf482455842a6f835afedfb368d84de089569ae032a37c85c05c4cc20d1e1aeeda2cda6e673fa42e00b80b19974b9f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
d973eca501fa38b563a365819e2769a7

SHA1
d4a3cf0f741f414e05132cc11aa48728239e7540

SHA256
efcd4f2605049a731387e6c70c6a5c187b5ca5f646dbab58d46aa024ce74c836

SHA512
62267f4d4afb0a4debd3179516570815ad0c298602079834a5ed8a7bcaaaffb5dba05894d6371bb8a9591bfd88a416d554f037bd2ab7896b7ee3bdc11b4bf788

Download Submit
memory/1268-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1268-69-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3452-8-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3452-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3452-18-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3452-3-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3452-2-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3452-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads