99b123db0fe08d0293acfc269beaa482b251c679658519c5eb824b69e70bfea8

Analysis

max time kernel
155s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

754ccec870955b142267ab51a1c14d56.exe
Size

208KB
MD5

754ccec870955b142267ab51a1c14d56
SHA1

9bb36a2bfe4c619256cb2f3211cc5f95b52ce813
SHA256

99b123db0fe08d0293acfc269beaa482b251c679658519c5eb824b69e70bfea8
SHA512

20f2a7e25fcfe2f0807c156f09a05d3514c6ab5e52b1d68404c9be93243926a010c198ffccda023fb702e3fc5a572ea39bb2349348de702f46bf608a0e2e0864
SSDEEP

6144:al7uXWeh2pwE5Wca5BFEQN4jFoU0Uue+Xa2I:PhW95yLGQN4mfRZXa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
748	u.dll
3700	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2612	4960	754ccec870955b142267ab51a1c14d56.exe	89
PID 4960 wrote to memory of 2612	4960	754ccec870955b142267ab51a1c14d56.exe	89
PID 4960 wrote to memory of 2612	4960	754ccec870955b142267ab51a1c14d56.exe	89
PID 2612 wrote to memory of 748	2612	cmd.exe	90
PID 2612 wrote to memory of 748	2612	cmd.exe	90
PID 2612 wrote to memory of 748	2612	cmd.exe	90
PID 748 wrote to memory of 3700	748	u.dll	91
PID 748 wrote to memory of 3700	748	u.dll	91
PID 748 wrote to memory of 3700	748	u.dll	91

C:\Users\Admin\AppData\Local\Temp\754ccec870955b142267ab51a1c14d56.exe
"C:\Users\Admin\AppData\Local\Temp\754ccec870955b142267ab51a1c14d56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D4A5.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 754ccec870955b142267ab51a1c14d56.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\D7D2.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\D7D2.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeD7D3.tmp"
      4⤵
      Executes dropped EXE
      PID:3700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D4A5.tmp\vir.bat

Filesize
1KB

MD5
ab08efd3d54f1fd21e3e844660de9ed0

SHA1
b3797700fa9913301652fe819b4a10b8b0677781

SHA256
7a566121a2cbba94d6b03710c714ca53db70b4f6af5d6e1129e886dc525ab3fc

SHA512
da8bb6812041c6ddae844ccb69339495e29edff227d1a0c7f105c00d1a9e002ede4d17808f86347b9a56b21a9bd2ed2b0ad2022e6e3f5234fc0657c92edf5462

Download Submit
C:\Users\Admin\AppData\Local\Temp\D7D2.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeD7D3.tmp

Filesize
41KB

MD5
dccc902dc69f9012016bfbeebaec2ab4

SHA1
9bb1965864382c768f42709d65999e8ab14af8b5

SHA256
6ef2e241ab78f7ed0389775aed3e394233a49f32634c9bb293e663e1ee381e37

SHA512
7b5ca3fe7b496a6b9b506ea477b72342c2d673278e9e7a1e73a257bf1847e926a866ff624995aee24ec9e871882b34bd2cdf5181a47ec047faa57bb7fe4c3086

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeD7D3.tmp

Filesize
41KB

MD5
d39bb4c0a8df52b4df7133db53947609

SHA1
24913316fff5c6357c91c139c824659e30b163db

SHA256
04524cf81238c8d8973fd5cb3e3d7b1878977da9689d04d67b105490934b52ca

SHA512
90eedf40f4e2e84d52e492395a8287aa40a28a00c0faa75e65fc19bec971a24580a78cd571dc57726359beb8eaf94a16e207ffb3303012366e792941bb1518f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mprE7A1.tmp

Filesize
25KB

MD5
1c0418f17bdc6f06b10968dcf8f721fd

SHA1
ca8c586bb7be04d444d7734ef85ec6daf984a856

SHA256
7d0715ee21da8692117fb3925bc56114fd51c5b16b04b5078f380d819f6e4fc5

SHA512
121689029462e98fc938ea8ee4ddfa76faecbe3f36993b9cb109de9dd8ec12f287e7b62c056681e2e8b24960f9542ba9414f5732932c6cff71286897699ed419

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
5eebc5137f7474ad3d1036a2fc92dd9b

SHA1
55adc9d05feae8b8866b4d3d9f47771b38c929ec

SHA256
0af0b0f54b7bf4e2bc934ff5122a4541df938d2c2865a9aca17d1e03f007d2da

SHA512
ae3709f5a675f318503de49045f4312169318b7e066ce1f0b78955235c2ecb62f242cdb4012527b2346be8c9a57056ebd13fcba810aeac6cf82f1b4464383483

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
bc70d6bbc682223d461c0c30d53d5f34

SHA1
2ecb020a1dfcacc3eba0aa6c3338af3e33b76bca

SHA256
5870cf3e8e260c6459e207deecc7b6628acb072657756e61c9841020a9b8b415

SHA512
4cca7d0f69090d4434e75390f14d546bb33e7301fa1cd0fe654545fbef25b19c7611c16fffb6301304c795c58a58d0e083ad2593ffa8cda4eb2800f1fe222baa

Download Submit
memory/3700-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3700-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4960-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4960-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4960-19-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads