a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014

Analysis

max time kernel
93s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe
Size

284KB
MD5

826d649c07d1f20fd27c233667d6c588
SHA1

4ab1ea3f4b6ebcc04416068ef0fa500982822cb8
SHA256

a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014
SHA512

daf4d1294db7d7ef4cb405e251d1c87b037de430d9a1860f88660ac7039801d217f89a409aa7313ffeb28a330bd15717b012de324a519e302a4a49cf1aa95556
SSDEEP

3072:amSenceAA5otaeyURLLls42llNaiLzekJtSiSPRgXZTsuZfe:amSenBAmezRls42lvCk+iSPRgpwuZW

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4964	ipwxgh.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4856	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1636	2992	a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe	79
PID 2992 wrote to memory of 1636	2992	a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe	79
PID 2992 wrote to memory of 1636	2992	a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe	79
PID 1636 wrote to memory of 4964	1636	cmd.exe	81
PID 1636 wrote to memory of 4964	1636	cmd.exe	81
PID 1636 wrote to memory of 4964	1636	cmd.exe	81
PID 1636 wrote to memory of 4856	1636	cmd.exe	82
PID 1636 wrote to memory of 4856	1636	cmd.exe	82
PID 1636 wrote to memory of 4856	1636	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe
"C:\Users\Admin\AppData\Local\Temp\a3b82eefa2255e02b4adcefa080a4ceebe5142aa1f02a2c9f7b568257c48e014.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hpxmipx.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\ipwxgh.exe
    "C:\Users\Admin\AppData\Local\Temp\ipwxgh.exe"
    3⤵
    - Executes dropped EXE
    PID:4964
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hpxmipx.bat

Filesize
124B

MD5
337f75965815a885ed54e4a01a80d3db

SHA1
5f276086f346be9c94f01d8583b659b68bf93c1c

SHA256
480b391ab66665423145569fd5aa8ab158d7ac52aab4ea4f43614a6deb77c1aa

SHA512
3cbc609b325164cc3e5fafb880b5b4762e15cb015b93062eb9d71931f41d528b4ba79a74dd2e5a0f9987618491989c6c22701b7bb7a571f663cf47650d46879f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ipwxgh.exe

Filesize
184KB

MD5
45e81683b0530078baa56849a70935e1

SHA1
06e07f8776f746a8b3245b38a51ad27a6fbe5c57

SHA256
b8f0063d31829ac48939dcc5f6ade8587ea49b62284ec9d90326387a31a023de

SHA512
265ebe154a89f0119fded3b90e6b3da7e2bc993f5aedb0373189778d76d45fb995334976eb8ee2bd8373ef17e918c550013ac753d53d65ddd09dd04d8ecb105a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ipwxgh.exe

Filesize
184KB

MD5
45e81683b0530078baa56849a70935e1

SHA1
06e07f8776f746a8b3245b38a51ad27a6fbe5c57

SHA256
b8f0063d31829ac48939dcc5f6ade8587ea49b62284ec9d90326387a31a023de

SHA512
265ebe154a89f0119fded3b90e6b3da7e2bc993f5aedb0373189778d76d45fb995334976eb8ee2bd8373ef17e918c550013ac753d53d65ddd09dd04d8ecb105a

Download Submit
C:\Users\Admin\AppData\Local\Temp\niwboy.bat

Filesize
188B

MD5
107f05b08d2319ed4ac360d42ef4c254

SHA1
3166f0a944e73f68e87c4af06d2e169a41fda437

SHA256
fb0c8966df0535103da388da14dea53f1024c9b35003a888f97208bd44e6c607

SHA512
407bfbce111692024f66b4fb78cac296aae43906462eb7988741ff0a9f4ce751394a3c9efb5a11a4b1ba0ad7b3b52a6d8af3aedf089bb491101e902c91b85c07

Download Submit