bda7de681041d4d89abf6a4b010fd0555aa10506e75c51626d604ddbf9a2cd79

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a7db72d9155e7bfe073a2fe47b3a975.exe
Size

209KB
MD5

8a7db72d9155e7bfe073a2fe47b3a975
SHA1

5896b6c1a49bb04584c6f3b3b3617123f8d2e99f
SHA256

bda7de681041d4d89abf6a4b010fd0555aa10506e75c51626d604ddbf9a2cd79
SHA512

ac7bb8459b57ec8984a0c610a16a2c6bc6cbf4ed18eb0490b2123567cbd66e5fefd6744b4df40a386bfb1469b637ab7c5f7c5513ac5d728d7465e0494b47fea0
SSDEEP

6144:3li5lrj2mcbryCHsiwbpXQOHRWekLdBjuns7v+rvXOu:kusdFX/ZkLbj0Sa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4464	u.dll
3984	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3516	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 4296	460	8a7db72d9155e7bfe073a2fe47b3a975.exe	89
PID 460 wrote to memory of 4296	460	8a7db72d9155e7bfe073a2fe47b3a975.exe	89
PID 460 wrote to memory of 4296	460	8a7db72d9155e7bfe073a2fe47b3a975.exe	89
PID 4296 wrote to memory of 4464	4296	cmd.exe	90
PID 4296 wrote to memory of 4464	4296	cmd.exe	90
PID 4296 wrote to memory of 4464	4296	cmd.exe	90
PID 4464 wrote to memory of 3984	4464	u.dll	91
PID 4464 wrote to memory of 3984	4464	u.dll	91
PID 4464 wrote to memory of 3984	4464	u.dll	91
PID 4296 wrote to memory of 5028	4296	cmd.exe	92
PID 4296 wrote to memory of 5028	4296	cmd.exe	92
PID 4296 wrote to memory of 5028	4296	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\8a7db72d9155e7bfe073a2fe47b3a975.exe
"C:\Users\Admin\AppData\Local\Temp\8a7db72d9155e7bfe073a2fe47b3a975.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\80D8.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 8a7db72d9155e7bfe073a2fe47b3a975.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\8155.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\8155.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe8156.tmp"
      4⤵
      Executes dropped EXE
      PID:3984
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:5028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\80D8.tmp\vir.bat

Filesize
2KB

MD5
f21597d5266408afc9e4efef2ccc8a7e

SHA1
70a850475d594e04c5f742c7eb23738738b7c0e9

SHA256
d71ca30e248749802e40f9925cc51878b8e5e86383dddf5ffcf6eb802b3bfd61

SHA512
4979ef24be0bd5f62bd04561dbc3b0eff72e2bb826d95ef6f9d8479f8d54fed7c012c65711da740b191a735133323e46293a35867a6e314ad9b3517084150880

Download Submit
C:\Users\Admin\AppData\Local\Temp\8155.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8156.tmp

Filesize
43KB

MD5
690d8ea37d9bf0db8c5e3f58901bc76f

SHA1
ff943fe5db8430fef8355f693eff707f5fdb278b

SHA256
67199d32d9828501404825b4f34e904853bec76eb5fc37502898e509142b20d3

SHA512
1f37376bd95da9e22d1fb88321a4e9e863c20019a5225379e29291c3bee6fcc117994b78df4946673113af8c0010a5919a762a3b850f2475db71f7ee5e67d7c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe8156.tmp

Filesize
25KB

MD5
4ead4cfcee17b4ab5f32b273f951ea7f

SHA1
2e488d7f79761c47832778c0feec6be94ea1d61e

SHA256
d707ff90c297d8413fbe1aced5ce31929a0f5aed1aa85bc2a11b2743699c9f9c

SHA512
0c1db9abd9efd08d948c614a15bdce22905e16c64ee8371af7aba0a640e240762d873c06cb533fb55ea0bd287e47cc7a85d82c91560f09d2cbb21140b6bb75fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
167KB

MD5
f637657965e9031b7a6bcddeaf86c59e

SHA1
472a9252ab3bfd5834ec85cb2654eb45bfa7379d

SHA256
d92d0913ce5adcf5282ba7f60d4981ade85009ce129bd24d83f2645e904fc6b3

SHA512
eb8177d917ad37ba0dbd40bf7752efb2a1fd6edf4a7956384d082b54c0e732e6ce18d2122210b70e8fa0bf42d1e56ed6035ede4ae34d567372a7e0a13fc00ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
700KB

MD5
84b76845654285a13592c9e42b2f8b8a

SHA1
af1373a5c315f3fc3fb18d88ad4c28f6938de640

SHA256
635da8f03b922a520ffb1ad9c4e8c460822cec92bc02c14da4d2455ba0300242

SHA512
a0c1e791d4f571b27f34f37529ac0391557f08edf6feaa9866117924a6e2c0a5eae0c9f88f79f570321676b6fa630933f301324f08915ad13825ce76d7aef33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
8d65bc81325848d723ff2010f5089f5a

SHA1
abec7ca3dbed794e978cc84296e401ec0ff72358

SHA256
395b25623eee434f4b4aebb3582a272dcab164fe1ad8396599a46da1c68b328e

SHA512
003f67f436721e6e8b31dc0d3f250ae13e51c61b7e65c005a4ec4fe1e43890f85f2509a8c25cbb8593f4440904d02e130d5b111838d569e3932178ee3f8ab180

Download Submit
memory/460-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/460-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/460-68-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3984-54-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3984-60-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads