bd771d1c4b005758dc4e3f27fc1bd5dcd58d566a0391763473c331930ab2ccd9

General

Target

connect_ips.exe
Sample

191218-5xa4zbpva6
SHA256

bd771d1c4b005758dc4e3f27fc1bd5dcd58d566a0391763473c331930ab2ccd9

Score

4^/10

evasion spreading

Malware Config

Signatures

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

connect_ips.exe

description	pid	process	target process
PID 4808 wrote to memory of 5064	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 1456	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 2000	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 1684	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 360	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4212	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4260	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4332	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4404	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4028	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 64	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 3360	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 784	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4864	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 4756	4808	connect_ips.exe	ping.exe
PID 4808 wrote to memory of 5068	4808	connect_ips.exe	ping.exe

Runs ping.exe 1 TTPs 16 IoCs

evasion spreading

Remote System Discovery

T1018

Processes:

ping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exeping.exe

pid	process
5064	ping.exe
3360	ping.exe
4332	ping.exe
4404	ping.exe
4756	ping.exe
5068	ping.exe
2000	ping.exe
64	ping.exe
4864	ping.exe
4212	ping.exe
4260	ping.exe
4028	ping.exe
784	ping.exe
1456	ping.exe
1684	ping.exe
360	ping.exe

C:\Users\Admin\AppData\Local\Temp\connect_ips.exe
"C:\Users\Admin\AppData\Local\Temp\connect_ips.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4808

C:\Windows\system32\ping.exe
ping 212.73.150.233 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:5064

C:\Windows\system32\ping.exe
ping 91.205.173.54 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:1456

C:\Windows\system32\ping.exe
ping 197.254.221.174 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:2000

C:\Windows\system32\ping.exe
ping 206.81.10.215 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:1684

C:\Windows\system32\ping.exe
ping 94.156.35.235 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:360

C:\Windows\system32\ping.exe
ping 50.116.86.205 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4212

C:\Windows\system32\ping.exe
ping 5.34.176.43 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4260

C:\Windows\system32\ping.exe
ping 146.185.253.123 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4332

C:\Windows\system32\ping.exe
ping 107.170.24.125 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4404

C:\Windows\system32\ping.exe
ping 195.201.56.70 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4028

C:\Windows\system32\ping.exe
ping 181.129.104.139 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:64

C:\Windows\system32\ping.exe
ping 190.214.13.2 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:3360

C:\Windows\system32\ping.exe
ping 209.97.168.52 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:784

C:\Windows\system32\ping.exe
ping 181.196.207.202 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4864

C:\Windows\system32\ping.exe
ping 128.65.154.183 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:4756

C:\Windows\system32\ping.exe
ping 206.189.112.148 "-c 5" "-i 3" "-w 10"
2⤵
- Runs ping.exe
PID:5068

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads