c1efca753dedafb2fa206085cc45583e9af9e233a3248e958a5e1ece7982837f

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2022, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6438/1722.cmd
Size

259B
MD5

3c3c6861a7b06edf3d7ab40e6a239eb7
SHA1

f9b416533bcabd4096ab3cd1b138194b0d7bb47f
SHA256

4ce57b83a2c32680ec5c45efc486e38e6985cdcea78593882ce041940014dbfa
SHA512

9830d3370d412d714e395c02b56dd887d162611be83f8aa75db84ee480b5b09d634db24d71a165bdcd346fe7481cf5249dd17ea8ab1c9aa50689f49709616923

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3612	re.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4696	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 4696	2688	cmd.exe	82
PID 2688 wrote to memory of 4696	2688	cmd.exe	82
PID 2688 wrote to memory of 3612	2688	cmd.exe	83
PID 2688 wrote to memory of 3612	2688	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6438\1722.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4696
- \??\c:\users\public\re.exe
  c:\\users\\public\\re.exe 6438\fearfully.dat
  2⤵
  - Executes dropped EXE
  PID:3612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\re.exe

Filesize
24KB

MD5
b0c2fa35d14a9fad919e99d9d75e1b9e

SHA1
8d7c2fd354363daee63e8f591ec52fa5d0e23f6f

SHA256
022cb167a29a32dae848be91aef721c74f1975af151807dafcc5ed832db246b7

SHA512
a6155e42b605425914d1bf745d9b2b5ed57976e161384731c6821a1f8fa2bc3207a863ae45d6ad371ac82733b72bb024204498baa4fb38ad46c6d7bc52e5a022

Download Submit