01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110

Analysis

max time kernel
100s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe
Size

292KB
MD5

0cf37e86dcabab3003d8f252099a33b5
SHA1

95ce084c2bd2b3982078d63c02b977f6645f73e6
SHA256

01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110
SHA512

f4d7b7ffc09e30b60518dedbf25b56b5089de67f63d53dabf114adc2ad3c122608821513539625f89598ccaab1c4026709f1b92153debc977c8c9c5ee7ffc56b
SSDEEP

3072:sF5M47cIAorNnZp5iE/sUYZaI5jhwdX3Va+MJ2eCzSTsuZff:sF5MfqvUmsTtgHVZMeuwuZX

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5092	yzoppu.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5060	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 5008	4104	01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe	81
PID 4104 wrote to memory of 5008	4104	01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe	81
PID 4104 wrote to memory of 5008	4104	01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe	81
PID 5008 wrote to memory of 5092	5008	cmd.exe	83
PID 5008 wrote to memory of 5092	5008	cmd.exe	83
PID 5008 wrote to memory of 5092	5008	cmd.exe	83
PID 5008 wrote to memory of 5060	5008	cmd.exe	84
PID 5008 wrote to memory of 5060	5008	cmd.exe	84
PID 5008 wrote to memory of 5060	5008	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe
"C:\Users\Admin\AppData\Local\Temp\01c575a6e4de82fea9fdf3b0ceaf94f16e800299105d75727e74b5d109df5110.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\osdmkxt.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\yzoppu.exe
    "C:\Users\Admin\AppData\Local\Temp\yzoppu.exe"
    3⤵
    - Executes dropped EXE
    PID:5092
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:5060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\osdmkxt.bat

Filesize
124B

MD5
046f4aa194765b1035325bb85771c740

SHA1
881c216d7d0bc3e44dcf493ba4f9d202e8aa44e1

SHA256
c9f519a81cb3ff8e3d9c0f5d052cd0b54605c83da37508017d62191b86838d16

SHA512
2a345ab8e805bb41475cc9d5e1804c0d62908c450286fa600b537e69fceeb9464d121ddb4e30cff33f4cd882a9d4868299e19013fb6e3def854ccf1a74f60c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdgsxn.bat

Filesize
188B

MD5
7bca9318d7a76bcec608bb605824babf

SHA1
e40fc7f74a4c56db7777f6f15852bccd87883868

SHA256
064be9e302f7e9c4f0bbf6b8eac2feb3dda0b9e7c0a51cc38bcbf42896d12a7e

SHA512
e5bd7dc0ef0151e180f812f94c0e1e98ee75650d16ff9df79501121ff4e3217e847af85c43220c5007b89e9e52853a7173d8f8dded603c73c8346df14ffc7577

Download Submit
C:\Users\Admin\AppData\Local\Temp\yzoppu.exe

Filesize
188KB

MD5
da6beae51a90074c03bc7ce25b9fe660

SHA1
bcfc84db5451c85f90c248c48318b689a4de7dc5

SHA256
5b2c6c2f4ea75905ab4376682c402b38a2c74648eb50f50b2ad6d91c89dfea2d

SHA512
f75932ef0f6e8e7f508e42bb18b9e29173eb2871f2cb750b51923fcace04ef19b4544476267690e54d2357e494a71b5d5af2e436add0e1bdef4ad34464c18348

Download Submit
C:\Users\Admin\AppData\Local\Temp\yzoppu.exe

Filesize
188KB

MD5
da6beae51a90074c03bc7ce25b9fe660

SHA1
bcfc84db5451c85f90c248c48318b689a4de7dc5

SHA256
5b2c6c2f4ea75905ab4376682c402b38a2c74648eb50f50b2ad6d91c89dfea2d

SHA512
f75932ef0f6e8e7f508e42bb18b9e29173eb2871f2cb750b51923fcace04ef19b4544476267690e54d2357e494a71b5d5af2e436add0e1bdef4ad34464c18348

Download Submit