Overview

overview

4

task1

 

4

task2

 

4

Analysis

  • max time kernel
    98s
  • resource
    win10v191014
  • submitted
    18-12-2019 04:26

Sharing

Copy URL
Twitter E-mail

General

  • Target

    connect_ips.exe

  • Sample

    191218-l27edyppr2

  • SHA256

    38a632c8d23aaddb53d7c0fb1d83a1414bbde238d84e6fa172149137b9ea09ac

Score
4/10
evasionspreading

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Runs ping.exe 1 TTPs 5 IoCs
    evasionspreading

Processes

  • C:\Users\Admin\AppData\Local\Temp\connect_ips.exe
    "C:\Users\Admin\AppData\Local\Temp\connect_ips.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\system32\ping.exe
      ping 203.130.0.69 "-c 5" "-i 3" "-w 10"
      2⤵
      • Runs ping.exe
      PID:4868
    • C:\Windows\system32\ping.exe
      ping 80.93.48.49 "-c 5" "-i 3" "-w 10"
      2⤵
      • Runs ping.exe
      PID:4900
    • C:\Windows\system32\ping.exe
      ping 206.189.112.148 "-c 5" "-i 3" "-w 10"
      2⤵
      • Runs ping.exe
      PID:4944
    • C:\Windows\system32\ping.exe
      ping 206.81.10.215 "-c 5" "-i 3" "-w 10"
      2⤵
      • Runs ping.exe
      PID:1620
    • C:\Windows\system32\ping.exe
      ping 192.161.190.171 "-c 5" "-i 3" "-w 10"
      2⤵
      • Runs ping.exe
      PID:360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads