Analysis
-
max time kernel
48s -
max time network
78s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
06/12/2022, 12:41
General
-
Target
c26a7e16bd62983a71d78d26fc2d05e29894e65b5d98bbfc5d6437a91496b716.exe
-
Size
11KB
-
MD5
cdc4b5c97d14bcc546697a1235392d66
-
SHA1
c0fd2be763e485bbce29c6d3e7c47e81ae5a4ca7
-
SHA256
c26a7e16bd62983a71d78d26fc2d05e29894e65b5d98bbfc5d6437a91496b716
-
SHA512
abaa513a3a1fa34df92f14683178b722718275a625fd3f796234e4f68ff5559e5fa4c414f1f10315f09f3096c9672301f7107e5071b2dc9a8f2786d88560fdf5
-
SSDEEP
192:Gn0u0RgmKksj4esZxDORcsPGCCO5aNdPuvuuE8NUoyExYMikE6C0fhWxAWn83:WA1HLe+xDORcAGCCSmOE5CxYMM6CSWxC
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c26a7e16bd62983a71d78d26fc2d05e29894e65b5d98bbfc5d6437a91496b716.exe"C:\Users\Admin\AppData\Local\Temp\c26a7e16bd62983a71d78d26fc2d05e29894e65b5d98bbfc5d6437a91496b716.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c del.bat2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping xcc3⤵
- Runs ping.exe
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
200B
MD56775542f33fb88f197f92ccbc6301030
SHA16648d29a8a971d9b3f530b261e48186151b06232
SHA256200cba73753b0305fe238061917bad4acab9623fe8e7b9b0b3987b7c44336b32
SHA5124343d990d83b4021a84fcaa5f8c99ebedd2ac8cfa93717c871e65a418004cbbea579c01ed22a8b275682a928ce78557b140a69278963e80717c8a129b2f4120a