47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 23:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe
Size

268KB
MD5

347bc6e7989fdecd175d1fbc201a06c9
SHA1

e2d30c75dbd0dac73c19eb7aeb4cf3a2052b8e99
SHA256

47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259
SHA512

a89d58652f65b29e915467215583c110c0aca8cc68bd8627fe04ea1e2d02f17dbfaf450c859b815dc301695f77b9c8958b5f01dec3d4bcca2d59e305ed9a5b01
SSDEEP

3072:/nmbO6VMd/ZodoMxAlseuok3flWQmrc4+nv1lWS0xWoGTsuZfH:e66VuA5SseiQQmQ4YvfWS0QpwuZ/

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3876	kkkbxp.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4372	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4244	2416	47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe	79
PID 2416 wrote to memory of 4244	2416	47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe	79
PID 2416 wrote to memory of 4244	2416	47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe	79
PID 4244 wrote to memory of 3876	4244	cmd.exe	81
PID 4244 wrote to memory of 3876	4244	cmd.exe	81
PID 4244 wrote to memory of 3876	4244	cmd.exe	81
PID 4244 wrote to memory of 4372	4244	cmd.exe	82
PID 4244 wrote to memory of 4372	4244	cmd.exe	82
PID 4244 wrote to memory of 4372	4244	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe
"C:\Users\Admin\AppData\Local\Temp\47d67664a1be8db485396f97c27eb72fd6297764bfd580de51dd1061a76c8259.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hmjltjq.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Users\Admin\AppData\Local\Temp\kkkbxp.exe
    "C:\Users\Admin\AppData\Local\Temp\kkkbxp.exe"
    3⤵
    - Executes dropped EXE
    PID:3876
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hmjltjq.bat

Filesize
124B

MD5
479276db0c190e48451dabc8425c27ef

SHA1
29882a6640505edd5d98740012a91616a9eeace0

SHA256
ffc073c18f986f6aff2bfb740de7903957a288a23158fe45961b21d1c2dfafec

SHA512
38c7156bbf8200aac8c4a916b87aa33437f0a9aa136cb2c8e8e6abbf4bba19e5bc83407a51000cb6ebcdcbe58a13cdcb25edd848100351d992140f26ec2d01e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkkbxp.exe

Filesize
172KB

MD5
e38b6cecef4b03e66b924fadcd51514c

SHA1
a1eaf745f0ec17c1df4a71335fe7cea9698577e2

SHA256
0cd8712d13f940a5752307c4400ca69aba70788c8f1653534e53457c9352dd63

SHA512
0844ab7717a2d43649f7c333b3c93340891ef4af097bfc5b873ac0b8aa28d3b71f4ade15f697cc46e74738d6e083adb6f9823b87a6494e2924bd0063e01c571b

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkkbxp.exe

Filesize
172KB

MD5
e38b6cecef4b03e66b924fadcd51514c

SHA1
a1eaf745f0ec17c1df4a71335fe7cea9698577e2

SHA256
0cd8712d13f940a5752307c4400ca69aba70788c8f1653534e53457c9352dd63

SHA512
0844ab7717a2d43649f7c333b3c93340891ef4af097bfc5b873ac0b8aa28d3b71f4ade15f697cc46e74738d6e083adb6f9823b87a6494e2924bd0063e01c571b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mnajwc.bat

Filesize
188B

MD5
58c26b58c30e32706fdc7c5cc9524584

SHA1
fd3f518b637197dc23301731c1c72a98318596af

SHA256
06f3bae5e4645731e2b8744213faf3dc20687616aa8f550c7984fd5c7fc28be1

SHA512
28a028abd872e715ae6fae0f9edad3e33761e8fcafdec8999211b77df5cf52fd209c80a4287243f7186c80dfd819f7e13c433e081d9993b6baed04ec92f565e0

Download Submit