5c203f506be189f0339780ab75e52ab07afdd81c7b257ac04cab8648c911a6d5

Analysis

max time kernel
166s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:00

Target

vertices/asteroidal.cmd
Size

332B
MD5

9e7110cb49cd0ad0737cb98e1b272e33
SHA1

8737ac297dc9093c06439f45393ff5baadde85f6
SHA256

6335a5ca91f6ec7212ccae34e63d1f42ab86c56537deb1c5bc3a32f250f3c936
SHA512

97d06d807e378029580313acabfc31a4490a9318f2bdb9291d3ffa532d5b8040bb4f2b535d447f25b1cb57bcc62b7ce56570edd81b6bd37237be78632c0afe6c

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

pid	Process
4856	PING.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 4856	2888	cmd.exe	20
PID 2888 wrote to memory of 4856	2888	cmd.exe	20

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\vertices\asteroidal.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4856

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact