Analysis
- max time kernel: 149s
- resource: win7v191014
- submitted: 18-12-2019 04:37
Signatures
- Suspicious use of WriteProcessMemory 17 IoCs

Processes:

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1412 wrote to memory of 2000 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 2020 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1020 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 552 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 884 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1956 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 840 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1456 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1072 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1184 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1416 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1844 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 612 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1580 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1540 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1068 | 1412 | connect_ips.exe | ping.exe |
| PID 1412 wrote to memory of 1736 | 1412 | connect_ips.exe | ping.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\connect_ips.exe
  "C:\Users\Admin\AppData\Local\Temp\connect_ips.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\ping.exe
    ping 50.116.86.205 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 209.97.168.52 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 197.254.221.174 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 190.186.164.23 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 80.93.48.49 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 146.185.253.123 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 163.172.97.112 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 107.170.24.125 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 47.187.70.124 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 206.81.10.215 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 181.196.207.202 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 181.112.157.42 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 128.65.154.183 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 101.187.247.29 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 72.27.212.209 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 91.205.173.54 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 85.217.171.229 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe