ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe
Size

276KB
MD5

68ff7a14b68604a320e025f11a59aa56
SHA1

6273aaba5ecb455cec486cc4be54813b4bcfd965
SHA256

ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c
SHA512

aab0803ce7439a5437769cccf911ecb8907aba3613a78d362886b56ee630453fc6179039adc7dbb4ac0984832a3bc9c26b7009a228bd9d0f24139f30b8ec4174
SSDEEP

3072:+UfJ8XcRk4go4CDIuLgxMgIGrmeUcsTOQMOji7LuPGB5bqJfoMMVdPf6:+UfJ8XFxcLKMtG6eUJyQMOjiSo5wDsPi

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1020	pnxiuj.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
668	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 4780	4372	ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe	81
PID 4372 wrote to memory of 4780	4372	ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe	81
PID 4372 wrote to memory of 4780	4372	ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe	81
PID 4780 wrote to memory of 1020	4780	cmd.exe	83
PID 4780 wrote to memory of 1020	4780	cmd.exe	83
PID 4780 wrote to memory of 1020	4780	cmd.exe	83
PID 4780 wrote to memory of 668	4780	cmd.exe	84
PID 4780 wrote to memory of 668	4780	cmd.exe	84
PID 4780 wrote to memory of 668	4780	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe
"C:\Users\Admin\AppData\Local\Temp\ab98bf54134da833a387d656648fa928b21016ef66ea8305b601e81346f4c48c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nlyqedr.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\pnxiuj.exe
    "C:\Users\Admin\AppData\Local\Temp\pnxiuj.exe"
    3⤵
    - Executes dropped EXE
    PID:1020
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bulbve.bat

Filesize
188B

MD5
24c961cef3b23503cbfd5e853d794c54

SHA1
19111f5008c922c289026d711a0cfe825a4a9a2c

SHA256
c5ee7e86ab51d863f78e9e7bb5b320ca1938730c42bfb2fe44d5620876dc9de9

SHA512
da593e355f7732db09fff3d36e5fcca01d7fc8ec24c06657cde53176f28b24834146b5bc078740f688ecb25e92aff95af030727df2d0f2b2029c9e273bbdf21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nlyqedr.bat

Filesize
124B

MD5
933dd38112de238066f6f0021aca4fd2

SHA1
bcc058c4a619ded1f95bab2a875b2838fff2934a

SHA256
4337f766294e12b3a044766386aff4c669e6fbbb507c775a82a5021fa67427ae

SHA512
486f2d6fdab571787f126ea7564027151538c236e8776ecbd3166edac752c84d8aef4c200279a95fca47e0903b8958e3dbb94530fe75935d8c8af3929ebd7d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\pnxiuj.exe

Filesize
184KB

MD5
a012bc2020dca019a1673536375643ba

SHA1
3732690984c034a191fce887a214747b03e728b0

SHA256
680afea6899a434d63a4ef341eb4d4d53d7d8557a9175c5229834c7662001026

SHA512
c47e7e7c87cdc7c9dbbb349944a422b26f2564928db4e610d68c1d65e7f1a5cb3981fdceea0e48f27ff5462cd2a2af54f363006d1e9a6bb7245510a58f4d8b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pnxiuj.exe

Filesize
184KB

MD5
a012bc2020dca019a1673536375643ba

SHA1
3732690984c034a191fce887a214747b03e728b0

SHA256
680afea6899a434d63a4ef341eb4d4d53d7d8557a9175c5229834c7662001026

SHA512
c47e7e7c87cdc7c9dbbb349944a422b26f2564928db4e610d68c1d65e7f1a5cb3981fdceea0e48f27ff5462cd2a2af54f363006d1e9a6bb7245510a58f4d8b7f

Download Submit