320e88fe8dca91b941c2638bca266fbb0a0375935b1be1a7287b66d2a9313f14

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8cdaba87654df78a8a8d4f465baa400.exe
Size

209KB
MD5

c8cdaba87654df78a8a8d4f465baa400
SHA1

5025f316022b1bb6fd90bb5ad486c8232283295c
SHA256

320e88fe8dca91b941c2638bca266fbb0a0375935b1be1a7287b66d2a9313f14
SHA512

bca32ca28a2dbbad297bb94c6ee77d5aa142fe878f2c75741d5b5e6e167c13f12a70b079e583f0c7e942a8d8b346f415bad988a4168288272579a190f86242ba
SSDEEP

6144:iltGmuktN4HejL+mz1KUG8KilCMK3yXrnb4V5N2:mGmFN4+jL+mz1KUG8vCNarb4V+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
724	u.dll
448	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2200	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4348	4036	c8cdaba87654df78a8a8d4f465baa400.exe	90
PID 4036 wrote to memory of 4348	4036	c8cdaba87654df78a8a8d4f465baa400.exe	90
PID 4036 wrote to memory of 4348	4036	c8cdaba87654df78a8a8d4f465baa400.exe	90
PID 4348 wrote to memory of 724	4348	cmd.exe	91
PID 4348 wrote to memory of 724	4348	cmd.exe	91
PID 4348 wrote to memory of 724	4348	cmd.exe	91
PID 724 wrote to memory of 448	724	u.dll	94
PID 724 wrote to memory of 448	724	u.dll	94
PID 724 wrote to memory of 448	724	u.dll	94
PID 4348 wrote to memory of 3048	4348	cmd.exe	96
PID 4348 wrote to memory of 3048	4348	cmd.exe	96
PID 4348 wrote to memory of 3048	4348	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\c8cdaba87654df78a8a8d4f465baa400.exe
"C:\Users\Admin\AppData\Local\Temp\c8cdaba87654df78a8a8d4f465baa400.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\38C3.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4348
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save c8cdaba87654df78a8a8d4f465baa400.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\397F.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\397F.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe398F.tmp"
      4⤵
      Executes dropped EXE
      PID:448
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:3048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\38C3.tmp\vir.bat

Filesize
1KB

MD5
6c1b6ecc49aba1e8fdc91c34133a778c

SHA1
324b931157570a5aea2793dc4ec04d2de8b13d34

SHA256
e97d0ae6f6ad35784c6d635ab6f25383fdcae2c0389375ef88661a95099d9a4b

SHA512
fc590d7529c912351dea6eb6e48ab3381ff2d9b52d44c22c4f219f632159330e1a7e64c3eddeecde762e49d86de8309615b8ed7230738a58e3c3eff6e830455e

Download Submit
C:\Users\Admin\AppData\Local\Temp\397F.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe398F.tmp

Filesize
41KB

MD5
4f74129c104ef1d140d90e0ba568ce01

SHA1
6f3eff482f956305006b6768a2a6ff242798a45d

SHA256
7695698f1983d6f8884164972c0e546da7e4a29f3c2ac244927f5b28da24c753

SHA512
8757d38c206b29cbabc7ada99871fc590ff0a775814a74752b9f3971956e7c000ca259cc9e1906897a343397d4dcfe9c271024878de42eb87e22477a6fd50f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe398F.tmp

Filesize
43KB

MD5
72b54754b2a4bc7cf728916ef559ca90

SHA1
12d28db39653159dc650f9392569a49e36b378e7

SHA256
c323cf2f02a3118abfae4d8fca438e5456a4d7a748fa1640304837ea61435080

SHA512
cc0796882e043b690b7d0f90af0c029d59d83ba2e44ffe6488661b90e9fbbc9bdc83f84b201c566357ba01a2da397fa8f163a3e296582984904b9b5f5ba38eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr3A4A.tmp

Filesize
25KB

MD5
9a864ec110f6e2c1f1851f385f6438c5

SHA1
7979151fbc7a54695c99a7f46e0bf537c725dc95

SHA256
aec9dd16d062afcdbe8210149ee7aa3873d4fc8d7b9aa834f5b4a18648022f7a

SHA512
5979e71749b69b2511ecc37118dc71cd8306cf273d5ed94aa8388a33196061c7e3d8ecb74c9e38524e6efbdf36c9b777d363dec53df015febd04553015b2441d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
fd0d0d7ae1d515c6a6a5e027a383e813

SHA1
5ac4fff2a23711869002bb26e4463530788e086d

SHA256
6429e1a8f97a7e8226cae762348ad91d938e474db9ac2eb7d5d3aa2cc4b6123e

SHA512
068bec88e014b8d1a657f1eb75dfa1730c48601c4dd69198214fb8ea95e4e99fd8b185dbd1ca2cc6b075acb950af299b2483a3176951d2e80b0070708791778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
5e936f51ae04ca965574f15807ee6ea0

SHA1
ed780f0ad77f13521350d8db67ff185e56d38c7f

SHA256
879c8648e491a64413ee5be3e8aa5e1f70e8e3e3b98b89f80135f92aa64f2533

SHA512
39d569a31baa4c6af249ca71247442cd7c1b1704554fe71a18bbe72581dc4324301446a4d051ce47103085d171d389419fcb2f3bc7951441a74d308519005354

Download Submit
memory/448-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/448-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4036-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4036-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4036-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads