4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35

Analysis

max time kernel
175s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:54

Target

4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe
Size

709KB
MD5

4ec1700818e444ecb944b8037fd49b49
SHA1

8772dec3229c85509d569d8921292d1290cf4230
SHA256

4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35
SHA512

14cd49c9608f79e9f993cb5eb5ffe9923d4d06fa2282358cbf7270479d0b092f4980b76ce77ffb58298f07548bcc923a4d50f36d8f36ffeb2aceca792eeb445a
SSDEEP

12288:vDk+EGgVPlD/yegDJdE6KeaqhJHvkPHJiVqTaB01GqQbQlVZ+QHpfuC0:o+xgVPlryeIdE6xhJcPHJiV93fbdEu

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4148 PING.EXE

pid	process
4148	PING.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe

pid	process
4860	4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe
4860	4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.execmd.exe

description	pid	process	target process
PID 4860 wrote to memory of 4872	4860	4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe	cmd.exe
PID 4860 wrote to memory of 4872	4860	4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe	cmd.exe
PID 4860 wrote to memory of 4872	4860	4995fae854f60d188b634141ab918f93f01c85436b3ea21a116eaa83b67a4b35.exe	cmd.exe
PID 4872 wrote to memory of 4148	4872	cmd.exe	PING.EXE
PID 4872 wrote to memory of 4148	4872	cmd.exe	PING.EXE
PID 4872 wrote to memory of 4148	4872	cmd.exe	PING.EXE

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\360Downloads\Pester.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:4872

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\360Downloads\Pester.bat

Filesize
139B

MD5
6bcd66c85df1cfd53c6b963be18815b7

SHA1
271beacb953ed8927a90b8969516f19b69fc13ef

SHA256
ba5241246dbcd7a72dbe9387bde1ba8a6ba1585d0628fc0ad5d6e52210be55c2

SHA512
3ddb76468cf04ca0587dabe7cb3e32067a46cfa05dc7c5b87e6e4d092ee2d84c959403bdc1241eecacd2d5173e07c3287a9044dcaf2cb395fc125f11482ec96b

Download Submit
memory/4148-139-0x0000000000000000-mapping.dmp

Download
memory/4860-132-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4860-133-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4860-134-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4860-135-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4860-136-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4860-140-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/4872-137-0x0000000000000000-mapping.dmp

Download