ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4

Analysis

max time kernel
208s
max time network
234s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:47

Target

ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4.exe
Size

64KB
MD5

1e8531d9faa66280b4f71fd5e15b9548
SHA1

0050ce80f60cd012ccf85fca5bcc725b0ff9355f
SHA256

ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4
SHA512

97ed0c60ed86dbf7038644509a92f63210e1441a7800a4637cf71ce337c44d70cb4c981166a66cf15def4a3e26cb3f17587b752c5356c50e7f6180ecafe9edca
SSDEEP

768:3ERN4wVIcMRYKsfxjaVfFvBgkhV6Oc+GB32RpYA//lFiYZqiK:3ERNMcMGlfxjabynOc+GBUL/jBJK

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

pid	Process
3428	PING.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 5100	1212	ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4.exe	83
PID 1212 wrote to memory of 5100	1212	ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4.exe	83
PID 1212 wrote to memory of 5100	1212	ef3a9080d2735e3b0b233ee0f52166ea17d17a3f4e50690f13f48814e7a241f4.exe	83
PID 5100 wrote to memory of 3428	5100	cmd.exe	85
PID 5100 wrote to memory of 3428	5100	cmd.exe	85
PID 5100 wrote to memory of 3428	5100	cmd.exe	85

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact