ba912bd741770fa27e54e36dfaffb5bba9d84eadbd117269e0e9c96f7fa781bd

Analysis

max time kernel
141s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

711f728f257dba4b0a7e394d92b0a55a.exe
Size

208KB
MD5

711f728f257dba4b0a7e394d92b0a55a
SHA1

28bd8a67527f6c77cdf849a8069b5667c94d84e3
SHA256

ba912bd741770fa27e54e36dfaffb5bba9d84eadbd117269e0e9c96f7fa781bd
SHA512

91354c080d5fbf43c0f3f3ff9ff6a6c86329469475cc9c5b7317aabbb712e72f2224937d35ebd3e995a1407de0d1d24a7dabdded0208a6ce827d6a0f3e59c33f
SSDEEP

3072:yluy78nwop7tNy+BxNE4JV5Ad1W/kPkfWZozsW22XN16U+ylU9FZjJQuhyAeac:ylNgwMNEC5Xs8fbzU2d1cymjJ1hm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4008	u.dll
888	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2100	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 3536	3324	711f728f257dba4b0a7e394d92b0a55a.exe	86
PID 3324 wrote to memory of 3536	3324	711f728f257dba4b0a7e394d92b0a55a.exe	86
PID 3324 wrote to memory of 3536	3324	711f728f257dba4b0a7e394d92b0a55a.exe	86
PID 3536 wrote to memory of 4008	3536	cmd.exe	88
PID 3536 wrote to memory of 4008	3536	cmd.exe	88
PID 3536 wrote to memory of 4008	3536	cmd.exe	88
PID 4008 wrote to memory of 888	4008	u.dll	90
PID 4008 wrote to memory of 888	4008	u.dll	90
PID 4008 wrote to memory of 888	4008	u.dll	90
PID 3536 wrote to memory of 4904	3536	cmd.exe	91
PID 3536 wrote to memory of 4904	3536	cmd.exe	91
PID 3536 wrote to memory of 4904	3536	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\711f728f257dba4b0a7e394d92b0a55a.exe
"C:\Users\Admin\AppData\Local\Temp\711f728f257dba4b0a7e394d92b0a55a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3DA5.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 711f728f257dba4b0a7e394d92b0a55a.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\3E03.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3E03.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe3E04.tmp"
      4⤵
      Executes dropped EXE
      PID:888
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3DA5.tmp\vir.bat

Filesize
1KB

MD5
0e6f20d352ab0d9455d8ffae428ab173

SHA1
83c1e1e1db657037bef3307638acf61e6f9426b0

SHA256
8414fb6aebe5e56139d1263274c5564dd281e93191cad3fc28497646fd5f07e6

SHA512
b423ba715de8ef630025d86dd3d8c23fb6b63a50b5154242edeceb6d587e0fbc2eeb0fbb30a687aadeefd76a70cfaf0efabc3be16c987ac2a47368e3749d0263

Download Submit
C:\Users\Admin\AppData\Local\Temp\3E03.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3E03.tmp\mpress.exe

Filesize
76KB

MD5
e541372631102ef0ec3a7c78b604ad02

SHA1
e359a552310f042e4297a508a33db26f27bf8035

SHA256
37c0d9312d90e4681c31ca081a65e35b424c44dd3755f7be0c7fc4041270b7f4

SHA512
82e0ffbdab18d451b7609919c5b98c33cd1e1fc156646d1dbba837c5739e786c83fc9004bba0ca4f530eb22f03135e7ba6bbdc3d06525350b10364ea6898e4b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3E04.tmp

Filesize
41KB

MD5
cfb6c23b4ec82cb8a0c562d2b9f34c23

SHA1
c7b496195abf2cceb09d8536768d83ab4aed6687

SHA256
28feed5f31044cbc96b185cd8ac0b12cffbc848b895ffce7d4005e25f7a8faff

SHA512
55a2e71b87db5af46c90eab14f95534d0deed807e91c4a52fb762141972a051633decedaf41b19b857efe8fd24821b59e15b33c9e00073da094495ea316420ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe3E04.tmp

Filesize
24KB

MD5
1c591a621b30fb31de8b83694bffdb57

SHA1
94b0acf10c424c4990f88d8d63ba0ef31231fde8

SHA256
71a4439b7c9ba5b21532c4e3c05f39fd19f2ad9e8f1e7da85244339f7fac0e3d

SHA512
4921aee10a3d419ebbfad7f9f877177fce6aad5a1084099046f97ee63d577d9f54d42b6de5ca256f5250264f929988fbd8e4e050996673c99d95dae8833abe2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
206KB

MD5
5e0fe7226f106172f754e6b196e77f81

SHA1
8bb1e0655acab743acf4cd7dc1d2893c91c1b3a9

SHA256
3312207308d70e9d0e02e5ccc13ef934b11d31ea23830573aa6ea2f43b83a20f

SHA512
deaa6c93133d8f4fd97574cff20251cb3af9bd4dafba83da6ccb3302b754cbdd38cfe083785a10dc7265cb757efe15621082dcd09833f27351896711e2667273

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
214KB

MD5
c74555de27211b6cc1ae0d596853d1e2

SHA1
de685e4f5ab0a15df89ce58d4352ee451a0eeb90

SHA256
f3c80694337e23b280489c1c77b9c6a3e03fd9dc44f609389852c922dc5e3d06

SHA512
889cf00383ef67b5192f00c7ee8fc47f8735dd3fc6a1376fbb22e1e493b4adc2a81f9f407844b9eb317efff3bc31cf66aae97a5748b6ac5cde38497a197f1ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
307KB

MD5
32c5cbce4123b53d91da3e46be865722

SHA1
17c6c8b2f03abc023403c3ac016169b915cb57a1

SHA256
02a4f2c2f6f6440f4e82ffa95e12a3151f0a2360e4123761b4b73cf555355c7c

SHA512
39517ed64f5370feb9d60921dfc5bbf3dfbf27b21c2b47f3009bc9fb8b2f08f72f19ebe8937bf19bf51f4e35a34d48b070e7be829fbb0424ad235eb4c86154f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
149KB

MD5
3fe5aef1b5db7e1f033b7c8ff8081029

SHA1
a934201b22df1f9834bb96cce0bb90128e89cdbe

SHA256
3de08896af4be40c1a7cb9d78f49a040484e5a31684509b32930d369f6187539

SHA512
41c6f85c6afe96605dff60af2b2e893bcc3aa3fcf647980677587c540f53f70728795e2a76035fe2d0e3de81beb1307ec130b10289e1ae446559fc52e3f4c80d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
03fa4a4fe611c1b99f560d99383789f7

SHA1
80e0611e87254a6018f2d5db5eb155b9bc7148a6

SHA256
ef7ed36f0ada8b0dd04b897b90f05a2214f8eb3bf1d6465c8dd8ac1e389db82d

SHA512
30bb590c10dfa0bddb5fd516f7618dd30f2726199696be7dd1a944abb96b42662505edb908741cee858fb91f9bc5d445a4880a05d8bbd767ff86769c3ee7de0b

Download Submit
memory/888-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/888-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3324-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3324-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3324-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads