Analysis
- max time kernel: 67s
- max time network: 69s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 09-11-2020 20:41
Behavioral task: behavioral1
- Sample: cc0e1e02e12cc64f4dceb4df23eeabbb.exe
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: cc0e1e02e12cc64f4dceb4df23eeabbb.exe
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: cc0e1e02e12cc64f4dceb4df23eeabbb.exe
- Size: 1.1MB
- MD5: cc0e1e02e12cc64f4dceb4df23eeabbb
- SHA1: 8e673cbd98a7d63bf874b4434494d8ca9c642f87
- SHA256: 271af3d935212d2f2efe62775f20ccda94a12ce1a60f5c18a78e90b16e4f9f67
- SHA512: 84acab40770ab6af2e3ac21924a271ffff8bb2390e24639038a49324b5edd77b91ea67cdeef6d93f95fddda6c8767cc1b316c2899173f020315d38697303c8e5
Score: 1/10
Malware Config
Signatures
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
cc0e1e02e12cc64f4dceb4df23eeabbb.exe, cc0e1e02e12cc64f4dceb4df23eeabbb.exe
pid | process
1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
1228 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
1228 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
cc0e1e02e12cc64f4dceb4df23eeabbb.exe, cmd.exe
description | pid | process | target process
PID 1744 wrote to memory of 1228 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
PID 1744 wrote to memory of 1228 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
PID 1744 wrote to memory of 1228 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
PID 1744 wrote to memory of 1228 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cc0e1e02e12cc64f4dceb4df23eeabbb.exe
PID 1744 wrote to memory of 1432 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cmd.exe
PID 1744 wrote to memory of 1432 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cmd.exe
PID 1744 wrote to memory of 1432 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cmd.exe
PID 1744 wrote to memory of 1432 | 1744 | cc0e1e02e12cc64f4dceb4df23eeabbb.exe | cmd.exe
PID 1432 wrote to memory of 820 | 1432 | cmd.exe | PING.EXE
PID 1432 wrote to memory of 820 | 1432 | cmd.exe | PING.EXE
PID 1432 wrote to memory of 820 | 1432 | cmd.exe | PING.EXE
PID 1432 wrote to memory of 820 | 1432 | cmd.exe | PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc0e1e02e12cc64f4dceb4df23eeabbb.exe
"C:\Users\Admin\AppData\Local\Temp\cc0e1e02e12cc64f4dceb4df23eeabbb.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cc0e1e02e12cc64f4dceb4df23eeabbb.exe
C:\Users\Admin\AppData\Local\Temp\cc0e1e02e12cc64f4dceb4df23eeabbb.exe /C
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\cc0e1e02e12cc64f4dceb4df23eeabbb.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXE
ping.exe -n 6 127.0.0.1
- Runs ping.exe