Analysis
- max time kernel: 144s
- resource: win7v191014
- submitted: 18-12-2019 04:26
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: connect_ips.exe

  description                        pid   process          target process
  PID 1992 wrote to memory of 1416   1992  connect_ips.exe  ping.exe
  PID 1992 wrote to memory of 1436   1992  connect_ips.exe  ping.exe
  PID 1992 wrote to memory of 1564   1992  connect_ips.exe  ping.exe
  PID 1992 wrote to memory of 1120   1992  connect_ips.exe  ping.exe
  PID 1992 wrote to memory of 1860   1992  connect_ips.exe  ping.exe

-
  Processes: ping.exe, ping.exe, ping.exe, ping.exe, ping.exe

  pid   process
  1416  ping.exe
  1436  ping.exe
  1564  ping.exe
  1120  ping.exe
  1860  ping.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\connect_ips.exe
  "C:\Users\Admin\AppData\Local\Temp\connect_ips.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\ping.exe
    ping 203.130.0.69 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 192.161.190.171 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 80.93.48.49 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 206.189.112.148 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe
  - C:\Windows\system32\ping.exe
    ping 206.81.10.215 "-c 5" "-i 3" "-w 10"
    - Runs ping.exe