070003eb267e8c10b998416d8d5f08e8d2c2a2f2b518c592b80eebc3ea1e534b

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2022, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6438/3772.cmd
Size

278B
MD5

a7b8d1bac0857fbcebe10a6b8387bb78
SHA1

af266047118b6eb3db740cc15186cb1b0225e298
SHA256

7f8d898ca912400adf3b0f1d8f13ba2d60be4fd4aed83dc004e4b2fb301e1142
SHA512

778ce3cf3018da8883c7abb853fcfa51cc525e31b28a029774228b117f2fb26b2f7e4ce428ad91162339969522f92f235fea5036ddcb90d5fefcb8bda3d25b76

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1516	re.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1004	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 1004	3092	cmd.exe	85
PID 3092 wrote to memory of 1004	3092	cmd.exe	85
PID 3092 wrote to memory of 1516	3092	cmd.exe	88
PID 3092 wrote to memory of 1516	3092	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6438\3772.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1004
- \??\c:\users\public\re.exe
  c:\\users\\public\\re.exe 6438\grassing.dat
  2⤵
  - Executes dropped EXE
  PID:1516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\re.exe

Filesize
24KB

MD5
b0c2fa35d14a9fad919e99d9d75e1b9e

SHA1
8d7c2fd354363daee63e8f591ec52fa5d0e23f6f

SHA256
022cb167a29a32dae848be91aef721c74f1975af151807dafcc5ed832db246b7

SHA512
a6155e42b605425914d1bf745d9b2b5ed57976e161384731c6821a1f8fa2bc3207a863ae45d6ad371ac82733b72bb024204498baa4fb38ad46c6d7bc52e5a022

Download Submit