82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150

General

Target

82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
Size

5.2MB
MD5

65bc10aa24d76ec1b02a151a16d053c0
SHA1

81bfa89a47ef789ea1cc5c98f02df2bc2a038a4e
SHA256

82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150
SHA512

b0e22e0050090d6f8bc9ae8291005e406d3ab3ea60976aa9394f2c37f59645d8df0ddca7dfe927b0f604428092778da3a3a968da11bc73ea042dfc87d7b9d298
SSDEEP

98304:VXISESTXsUp7ZcjxlqSs/eAFe6WgdLzjnezZED:Vr5sjjxcz20pz6zZm

Score

1^/10

Malware Config

Signatures

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
1644	schtasks.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1500	PING.EXE

C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
"C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe"
1⤵
PID:1348
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /create /tn COMSurrogate /f /sc onlogon /rl highest /tr "C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe"
  2⤵
  - Creates scheduled task(s)
  PID:1644
- C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe
  "C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe"
  2⤵
  PID:1760
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe"
  2⤵
  PID:1720
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:804
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe

Filesize
761.8MB

MD5
d8336579288e0922b1ba27c0822ad1f4

SHA1
e64bb348a5c42a4b28616ff97e75bd29f233a16c

SHA256
540284df5b451528b8034c8c4112e4ec03e333220c540c27cfd14186e8d39489

SHA512
770b49dbf53ecb1ed1f956915bb09b99910ebc869e3cfd171d997192cda12e05a3792344e41a4d72c52b62918f243ad38639f5072d7854a2684f28816d883c48

Download Submit
\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe

Filesize
763.2MB

MD5
07e7f33466efd18fe8fbeb814ae0ff09

SHA1
05ae7d630a4d51d70d351f0c81f49ef4093606e1

SHA256
5506ee1393d19a3b438ef14ca0ac50b4fa7679d20a692cb92177895e3ab48b9c

SHA512
4a1e149c4868f5a7d51f8189b5aa0bc43605b34cc74ffe64e7fee8d6a6579d9c8c14d4cf88cb96772fb0ef7eab3846d2fc877428fbbca0c1af134658cde9db0c

Download Submit
\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe

Filesize
761.8MB

MD5
badf61d55aa6de421fd84b7e505a4bdf

SHA1
99522dddc80847a0d836f66caad4b85d122bcf18

SHA256
14f8506e724e3e7ce663bbe43e34a8494c0a5c31cf28cad285ea655e55efe62b

SHA512
01db887de43c56d5b4da7536f349568bc31c77dd020ed33db7321af6f9066db832b48643f63af658f105bc48e2c6613c35830044c9c6d8efbaa772028e106ed1

Download Submit
memory/1348-57-0x0000000003BF0000-0x00000000040EB000-memory.dmp

Filesize
5.0MB

Download
memory/1348-59-0x00000000022F0000-0x0000000003BE2000-memory.dmp

Filesize
24.9MB

Download
memory/1348-60-0x0000000003BF0000-0x00000000040EB000-memory.dmp

Filesize
5.0MB

Download
memory/1348-58-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1348-68-0x0000000003BF0000-0x00000000040EB000-memory.dmp

Filesize
5.0MB

Download
memory/1348-56-0x0000000003BF0000-0x00000000040EB000-memory.dmp

Filesize
5.0MB

Download
memory/1348-54-0x00000000022F0000-0x0000000003BE2000-memory.dmp

Filesize
24.9MB

Download
memory/1348-55-0x00000000022F0000-0x0000000003BE2000-memory.dmp

Filesize
24.9MB

Download
memory/1760-70-0x0000000002480000-0x0000000003D72000-memory.dmp

Filesize
24.9MB

Download
memory/1760-71-0x0000000002480000-0x0000000003D72000-memory.dmp

Filesize
24.9MB

Download
memory/1760-72-0x0000000003D80000-0x000000000427B000-memory.dmp

Filesize
5.0MB

Download
memory/1760-74-0x0000000003D80000-0x000000000427B000-memory.dmp

Filesize
5.0MB

Download
memory/1760-75-0x000000000DE50000-0x00000000106EF000-memory.dmp

Filesize
40.6MB

Download
memory/1760-76-0x000000000DE50000-0x00000000106EF000-memory.dmp

Filesize
40.6MB

Download
memory/1760-77-0x0000000002480000-0x0000000003D72000-memory.dmp

Filesize
24.9MB

Download
memory/1760-78-0x0000000003D80000-0x000000000427B000-memory.dmp

Filesize
5.0MB

Download
memory/1760-79-0x000000000DE50000-0x00000000106EF000-memory.dmp

Filesize
40.6MB

Download
memory/1760-80-0x0000000003D80000-0x000000000427B000-memory.dmp

Filesize
5.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads