connect_ips.exe
General
Target: connect_ips.exe
Filesize: N/A
Completed: 18-12-2019 04:29
Score: 4/10
SHA256: 38a632c8d23aaddb53d7c0fb1d83a1414bbde238d84e6fa172149137b9ea09ac
Malware Config
Signatures 2
Discovery
Suspicious use of WriteProcessMemory
connect_ips.exe
Reported IOCs
description                       pid   process          target process
PID 4812 wrote to memory of 4868  4812  connect_ips.exe  ping.exe
PID 4812 wrote to memory of 4900  4812  connect_ips.exe  ping.exe
PID 4812 wrote to memory of 4944  4812  connect_ips.exe  ping.exe
PID 4812 wrote to memory of 1620  4812  connect_ips.exe  ping.exe
PID 4812 wrote to memory of 360   4812  connect_ips.exe  ping.exe
Runs ping.exe
ping.exe ping.exe ping.exe ping.exe ping.exe
Tags
TTPs
Reported IOCs
pid   process
1620  ping.exe
360   ping.exe
4868  ping.exe
4900  ping.exe
4944  ping.exe
Processes 6
C:\Users\Admin\AppData\Local\Temp\connect_ips.exe
  "C:\Users\Admin\AppData\Local\Temp\connect_ips.exe"
  Suspicious use of WriteProcessMemory
C:\Windows\system32\ping.exe
  ping 203.130.0.69 "-c 5" "-i 3" "-w 10"
  Runs ping.exe
C:\Windows\system32\ping.exe
  ping 80.93.48.49 "-c 5" "-i 3" "-w 10"
  Runs ping.exe
C:\Windows\system32\ping.exe
  ping 206.189.112.148 "-c 5" "-i 3" "-w 10"
  Runs ping.exe
C:\Windows\system32\ping.exe
  ping 206.81.10.215 "-c 5" "-i 3" "-w 10"
  Runs ping.exe
C:\Windows\system32\ping.exe
  ping 192.161.190.171 "-c 5" "-i 3" "-w 10"
  Runs ping.exe
Network