Analysis
-
max time kernel
185s -
max time network
183s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24-11-2022 19:19
General
-
Target
c96f60d5148757fbc046a167dc6864cd90b0f3a5ec7673e43a8c8281c6c2a9fb.exe
-
Size
1013KB
-
MD5
2c40c613749264799d97f7662cd817cc
-
SHA1
b41a2dac0b45ce77323e94f4a49eb734e1ff353b
-
SHA256
c96f60d5148757fbc046a167dc6864cd90b0f3a5ec7673e43a8c8281c6c2a9fb
-
SHA512
73d8438460dabae4be5b20ad5a509c09b57fd5e211c1792bc5fc35de410ac99e3efe8e4a504a30c50815c53855f146f7f8476d61180efdd3c298f520b997c7eb
-
SSDEEP
24576:rEPrVEkNwwouWihUW3cfwspt82UmVTSv:4CMorfb82UmVTSv
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c96f60d5148757fbc046a167dc6864cd90b0f3a5ec7673e43a8c8281c6c2a9fb.exe"C:\Users\Admin\AppData\Local\Temp\c96f60d5148757fbc046a167dc6864cd90b0f3a5ec7673e43a8c8281c6c2a9fb.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\c96f60d5148757fbc046a167dc6864cd90b0f3a5ec7673e43a8c8281c6c2a9fb.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 30003⤵
- Runs ping.exe
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4836-133-0x0000000000000000-mapping.dmp
-
memory/4916-132-0x0000000000000000-mapping.dmp