Analysis
-
max time kernel
189s -
max time network
221s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 14:43
Static task
static1
Behavioral task
behavioral1
Sample
290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe
Resource
win10v2004-20221111-en
General
-
Target
290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe
-
Size
551KB
-
MD5
f52e322067f40aaf53116a67fae43788
-
SHA1
0504b0ccc1283e867c4a4358fbdfd44080ce63c7
-
SHA256
290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0
-
SHA512
2f4002b0c53454dce0a28e0b33196970a649bc5fece6dc967459754651235f5b397488527fe885ab100fbde94fa86b8cc2ce6d8ff81726168ceaf5b9ba892631
-
SSDEEP
12288:NmQQ1UDqCJUdBOkuLZSyEtpmZ4X02syHDCqgv7bTd:7QerJiYPLZS73OZKtA7V
Malware Config
Signatures
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe
cmd.exe
description | pid | process | target process
PID 4324 wrote to memory of 1480 | 4324 | 290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe | cmd.exe
PID 4324 wrote to memory of 1480 | 4324 | 290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe | cmd.exe
PID 4324 wrote to memory of 1480 | 4324 | 290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe | cmd.exe
PID 1480 wrote to memory of 3336 | 1480 | cmd.exe | PING.EXE
PID 1480 wrote to memory of 3336 | 1480 | cmd.exe | PING.EXE
PID 1480 wrote to memory of 3336 | 1480 | cmd.exe | PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe
"C:\Users\Admin\AppData\Local\Temp\290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\290529e31b6d12fd68b000e0113d966bea444d3ccf17e0cc433aa53d8a8301f0.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
- Runs ping.exe