5c203f506be189f0339780ab75e52ab07afdd81c7b257ac04cab8648c911a6d5

Analysis

max time kernel
41s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 15:00

Target

vertices/asteroidal.cmd
Size

332B
MD5

9e7110cb49cd0ad0737cb98e1b272e33
SHA1

8737ac297dc9093c06439f45393ff5baadde85f6
SHA256

6335a5ca91f6ec7212ccae34e63d1f42ab86c56537deb1c5bc3a32f250f3c936
SHA512

97d06d807e378029580313acabfc31a4490a9318f2bdb9291d3ffa532d5b8040bb4f2b535d447f25b1cb57bcc62b7ce56570edd81b6bd37237be78632c0afe6c

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

pid	Process
480	PING.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 480	1760	cmd.exe	29
PID 1760 wrote to memory of 480	1760	cmd.exe	29
PID 1760 wrote to memory of 480	1760	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\vertices\asteroidal.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:480

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact