c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e

Analysis

max time kernel
181s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 13:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe
Size

284KB
MD5

4ee19fc4178f11efe34070981e99efca
SHA1

7955e7f82fdf37a2096e43845563dcdd86f0ea3e
SHA256

c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e
SHA512

7545f046393c0d2229ba700b980e5430c4775569c092e4b11be4ccce059f830b448c7ac8b64bd682429e387c5d075e7c95ac8f9a0fb615bda9bc15461b251fb0
SSDEEP

3072:PyJ8Xc8+5oqpybtE0FfFjzVSHe7DaG7cClWLvL08LOvfTsuZfW:PyJ8XHjbtEIdYev77DWboLwuZO

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4336	iqczdk.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4388	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1124	2092	c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe	78
PID 2092 wrote to memory of 1124	2092	c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe	78
PID 2092 wrote to memory of 1124	2092	c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe	78
PID 1124 wrote to memory of 4336	1124	cmd.exe	80
PID 1124 wrote to memory of 4336	1124	cmd.exe	80
PID 1124 wrote to memory of 4336	1124	cmd.exe	80
PID 1124 wrote to memory of 4388	1124	cmd.exe	81
PID 1124 wrote to memory of 4388	1124	cmd.exe	81
PID 1124 wrote to memory of 4388	1124	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe
"C:\Users\Admin\AppData\Local\Temp\c68fbd781310a36417ada1e4ef46662086d9ce3ce2b9db37bea60574aa541e5e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gsjemsy.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1124
- - C:\Users\Admin\AppData\Local\Temp\iqczdk.exe
    "C:\Users\Admin\AppData\Local\Temp\iqczdk.exe"
    3⤵
    - Executes dropped EXE
    PID:4336
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gsjemsy.bat

Filesize
124B

MD5
fcf209d6df9bb1e9d34cf33ddeda465c

SHA1
6f4b0f12ba96f02ca576da93850f08a3779845ca

SHA256
5aba6f9f8a6b2cf7ee76ce66238b0ee93a2c13a4ae77d25a0954638a6a90eb76

SHA512
a4cf13da9c7f400ba2968a05e4bccc94b585356ea8b50c81324f0a55d63dbaf264afee13377c51c6443f5c45b27411a0ced7dd7195f1700c9c078f919b350f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\iqczdk.exe

Filesize
184KB

MD5
bcd18d8ab19d9df221726e130eac51fb

SHA1
fe2db9a98db3495c160b5caaad2c17abcfb801cc

SHA256
90340159ff1fe6be596328f77de9f7ce0ebce4ca229db6e76da0a46d0c53f3ef

SHA512
c517a2ed0f22cce9e2f42c2f308af69cb71a27ff9c3444a430ff37d87dbff0104b58e4a8d3ae49da7abd99202aca1eb8057f3739f83c18f2af7a4947d8d2f9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\iqczdk.exe

Filesize
184KB

MD5
bcd18d8ab19d9df221726e130eac51fb

SHA1
fe2db9a98db3495c160b5caaad2c17abcfb801cc

SHA256
90340159ff1fe6be596328f77de9f7ce0ebce4ca229db6e76da0a46d0c53f3ef

SHA512
c517a2ed0f22cce9e2f42c2f308af69cb71a27ff9c3444a430ff37d87dbff0104b58e4a8d3ae49da7abd99202aca1eb8057f3739f83c18f2af7a4947d8d2f9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\xwrhhf.bat

Filesize
188B

MD5
546900b2c3483523a639e9196dcadc8d

SHA1
1a33a1ec9ae3677f62081eff6e3f4add674aa43b

SHA256
38fdd0089279ea303aabc0a455a800f9dde6580a10efed4961e1f8f38920db77

SHA512
391f2d14a229d657f6ed33a9d38b2ceafc573ff04d32a77c4b3cebbda3780d3223f05d4abf925acb7d78666d6f87463f1da52b342c8cffd0af2e92c234ea9a05

Download Submit