Analysis
-
max time kernel
37s
-
max time network
9s
-
platform
windows7_x64
-
resource
win7v20201028
-
submitted
09-11-2020 20:47
Behavioral task
behavioral1
Sample
27e453c28ebe05b93155284aa292929e.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
27e453c28ebe05b93155284aa292929e.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
27e453c28ebe05b93155284aa292929e.exe
-
Size
1.1MB
-
MD5
27e453c28ebe05b93155284aa292929e
-
SHA1
f4fe6836d76a66fbd37739bb024ad49428ee9f2b
-
SHA256
3c2cfd02b721368fdfba96b0dccb850e6af1afd0610103563cb7a1967c9b9905
-
SHA512
c3848e76871b499ba1fab66a38df27a1c2cf53ee32442a32aa3db4a426806c3bd8e3f0aeaf53cd950ba27cd35be754ba75a75f70ff33747125fd822733f26af3
Score
1/10
Malware Config
Signatures
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
27e453c28ebe05b93155284aa292929e.exe 27e453c28ebe05b93155284aa292929e.exe
pid process
748 27e453c28ebe05b93155284aa292929e.exe
1636 27e453c28ebe05b93155284aa292929e.exe
1636 27e453c28ebe05b93155284aa292929e.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
27e453c28ebe05b93155284aa292929e.exe cmd.exe
description pid process target process
PID 748 wrote to memory of 1636 748 27e453c28ebe05b93155284aa292929e.exe 27e453c28ebe05b93155284aa292929e.exe
PID 748 wrote to memory of 1636 748 27e453c28ebe05b93155284aa292929e.exe 27e453c28ebe05b93155284aa292929e.exe
PID 748 wrote to memory of 1636 748 27e453c28ebe05b93155284aa292929e.exe 27e453c28ebe05b93155284aa292929e.exe
PID 748 wrote to memory of 1636 748 27e453c28ebe05b93155284aa292929e.exe 27e453c28ebe05b93155284aa292929e.exe
PID 748 wrote to memory of 1220 748 27e453c28ebe05b93155284aa292929e.exe cmd.exe
PID 748 wrote to memory of 1220 748 27e453c28ebe05b93155284aa292929e.exe cmd.exe
PID 748 wrote to memory of 1220 748 27e453c28ebe05b93155284aa292929e.exe cmd.exe
PID 748 wrote to memory of 1220 748 27e453c28ebe05b93155284aa292929e.exe cmd.exe
PID 1220 wrote to memory of 844 1220 cmd.exe PING.EXE
PID 1220 wrote to memory of 844 1220 cmd.exe PING.EXE
PID 1220 wrote to memory of 844 1220 cmd.exe PING.EXE
PID 1220 wrote to memory of 844 1220 cmd.exe PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\27e453c28ebe05b93155284aa292929e.exe "C:\Users\Admin\AppData\Local\Temp\27e453c28ebe05b93155284aa292929e.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\27e453c28ebe05b93155284aa292929e.exe C:\Users\Admin\AppData\Local\Temp\27e453c28ebe05b93155284aa292929e.exe /C 2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\27e453c28ebe05b93155284aa292929e.exe" 2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXE ping.exe -n 6 127.0.0.1 3⤵
- Runs ping.exe