ab0be423a7c0940154615c731074f4e09104501a338573dd3dde297445b52bbe

Analysis

max time kernel
35s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 13:27

Target

ab0be423a7c0940154615c731074f4e09104501a338573dd3dde297445b52bbe.dll
Size

687KB
MD5

28e6011c2a4a975209a0e7a4881a5266
SHA1

8dfa65157fc14b54fc89696ad6a6022fce42d6f0
SHA256

ab0be423a7c0940154615c731074f4e09104501a338573dd3dde297445b52bbe
SHA512

1b6e892cb9b3425ac8afbae0ef3a4450438257c33cab630dfc6455226780161ddaddfb0a82095d8584a3f605ccad685597cd3e64e5a950b96f8a3fc706fc53d1
SSDEEP

6144:VNFNN0quA/N3zYXtrps4king/r2kYI7JvHM:VT0C/lws4king/r2ZIu

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

968 PING.EXE

pid	process
968	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.execmd.exe

description	pid	process	target process
PID 1388 wrote to memory of 696	1388	regsvr32.exe	cmd.exe
PID 1388 wrote to memory of 696	1388	regsvr32.exe	cmd.exe
PID 1388 wrote to memory of 696	1388	regsvr32.exe	cmd.exe
PID 696 wrote to memory of 968	696	cmd.exe	PING.EXE
PID 696 wrote to memory of 968	696	cmd.exe	PING.EXE
PID 696 wrote to memory of 968	696	cmd.exe	PING.EXE

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ab0be423a7c0940154615c731074f4e09104501a338573dd3dde297445b52bbe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Windows\system32\cmd.exe
cmd.exe /c echo 1234567890 && ping -n 6 127.0.0.1
2⤵
- Suspicious use of WriteProcessMemory
PID:696

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/696-55-0x0000000000000000-mapping.dmp

Download
memory/968-56-0x0000000000000000-mapping.dmp

Download
memory/1388-54-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download