b51676e16dc59ac6fef3a8379113a783d22544a1b73246ffc20c670c24b30b3a

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 08:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

672e5f10ecf3c0b88fe1d55bc2e54388.exe
Size

209KB
MD5

672e5f10ecf3c0b88fe1d55bc2e54388
SHA1

ca3172a9e0736c3731790d0208f9cc266b163abb
SHA256

b51676e16dc59ac6fef3a8379113a783d22544a1b73246ffc20c670c24b30b3a
SHA512

1cd53c198fe7d5d9ee0ea58f89376aa1f07234b4e51f7d8b72a7a845f1d04950671d688a9579f1473b72a194dd59cc515a954840cc6f8838f3448eca7efbafcc
SSDEEP

6144:Ml7ur9z4AxnDCglaMtseU8p3ge92nOmxoeihUFxb5UT:195DC6vK38pR92joPeh5U

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
544	u.dll
4580	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 3476	1980	672e5f10ecf3c0b88fe1d55bc2e54388.exe	88
PID 1980 wrote to memory of 3476	1980	672e5f10ecf3c0b88fe1d55bc2e54388.exe	88
PID 1980 wrote to memory of 3476	1980	672e5f10ecf3c0b88fe1d55bc2e54388.exe	88
PID 3476 wrote to memory of 544	3476	cmd.exe	90
PID 3476 wrote to memory of 544	3476	cmd.exe	90
PID 3476 wrote to memory of 544	3476	cmd.exe	90
PID 544 wrote to memory of 4580	544	u.dll	92
PID 544 wrote to memory of 4580	544	u.dll	92
PID 544 wrote to memory of 4580	544	u.dll	92

C:\Users\Admin\AppData\Local\Temp\672e5f10ecf3c0b88fe1d55bc2e54388.exe
"C:\Users\Admin\AppData\Local\Temp\672e5f10ecf3c0b88fe1d55bc2e54388.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4D16.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 672e5f10ecf3c0b88fe1d55bc2e54388.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\4DC2.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4DC2.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4DC3.tmp"
      4⤵
      Executes dropped EXE
      PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4D16.tmp\vir.bat

Filesize
1KB

MD5
1afd2c654753106c020221e15ea2421d

SHA1
961e0a1decab80b16456f30cd85f87042595917f

SHA256
730c6086b5868e101293cc65c7e176d3686c840abfeb4c3383e65e5db5648550

SHA512
258adf832ff4ac8c172640ec808b8aa56256e9f90c62bef93168be7bc4f3d7031e7b677707a8251c2ab440bff4533e836fb84af4ec5654e5964d33caf09a69f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\4DC2.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4DC3.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe4DC3.tmp

Filesize
24KB

MD5
75c613a066f65857be61e90d4ea44435

SHA1
825db98cf1f56a88a3d2407f6b20ff8521a142a6

SHA256
2928b10cb3bd918ff461785fb55a8ae8b6fd3f281e03986b3a2d77ad798ebb4d

SHA512
292fd978eb0e6d1e809879396299401a8f41cc2f2a3ed2004c66c573e4b280baf333be8e5510dd46a8f7c837c641d9fbae108b7c1b2c4758ba16bd7b7e8671cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
98KB

MD5
bdfac250d85b9960ecdd4d0456267653

SHA1
9bca2ca42a48e1b65104a7a9c42c6d8de77563b9

SHA256
b9f17523402685adb4f0b0c6b9539398a333f55ad711653dc53ae793773e72a5

SHA512
8a47108b6afc6fc39f937b67e778a11a4447e8dd70d23777beeb47b76c1b153d5d7039ff9bd05fb3e3076287c36a4affcb4dd5fd389f84bfba150ad0d8ca2451

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
61KB

MD5
abe6470a9bb86e070ad07220f7a2063b

SHA1
6c76efc8eeb26fe08e7bd280fbdad4ee436acd22

SHA256
a71e8bd3f15a669f56cb6011f3772e2f455c08e2df6e692f746e9a045551613e

SHA512
89a6ee3cf2992fd292faef211eecd3aebce5608e1aacb8067e4a52a4b648cdeb840d86463121a3c2a58b680759d5d53b047dc719d6af89536e3441b87d666999

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
26KB

MD5
17fc56916eb6bf71b2a5d5af50727adb

SHA1
ecd65110216b817a4ac2f6976efdb8a3f53d6cb2

SHA256
213cfa7f95d8de3b40033ac2f8a6446e3c27febc70a84332a9da68a92ec6dec3

SHA512
31ddce57966cd683d69732db5944a3cfc1bb1083c07fc8756787e12b60fdf915ff5f73b014323ff96a4787ced79ca1e20d0287af51cc218eb88fff81d0dca096

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
33KB

MD5
6346a3dfdd4bf3b5a51ec5258b8f3375

SHA1
c40e354bdab845862de23c6aae7590082a1c40ce

SHA256
ba8edbaeae8d5d238847b508235dd636b6942eceb4deee23efa3b61d1106a838

SHA512
c635f2a170133e34552348c5fd5b00a02368cf36d06e2e1a616933c90def490bb5d2b69f2a182ee4fbae259821e3c2baea925af5b2e3dc531116c6129382d5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
54c56605768ed989c31c213c77b28825

SHA1
84900d8e29bddf425bc061bd066590413d6fe96b

SHA256
810d7f4bba77bfc998e6b02c19342c5ea021e7b9bec2009657468bc6ed1beb50

SHA512
503e8239b3203671340e386dec5e5664c25dc091957e537cf4ecdb40f4a2b833447f1fb6801eb2193372bc113b8a5bcafde9f450b78ae5ba1999d187c6327e2b

Download Submit
memory/1980-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1980-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1980-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4580-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4580-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads