Overview

overview

10

Static

static

3

PPID1.exe

windows7-x64

10

PPID1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21/05/2023, 05:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    PPID1.exe

  • Size

    13KB

  • MD5

    0b02be529a8976f191047ed8f14481ac

  • SHA1

    2b6e0674d13df1beb1bb175394e7e9a1392442af

  • SHA256

    e10dde8652886493dc30253feee38757ee8a91914c8eb6bc9e1cc567c4129117

  • SHA512

    ba827ff871ba7138ea7c37ae7953a27cf0718c3a7fa4f5a5600daeea0be94696f96857d248c45c180e1adb3b279e60b1804b036e3397434c92b1a1716ccd7626

  • SSDEEP

    192:489j5b7LosQ1WrMJCF3mqorsIpTOmnV2PJ63Q5tf2DAD:5D7LoZ9CFMJpaGV2M38

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1220
      • C:\Users\Admin\AppData\Local\Temp\PPID1.exe
        "C:\Users\Admin\AppData\Local\Temp\PPID1.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1808
      • C:\Program Files\internet explorer\iexplore.exe
        "C:\Program Files\internet explorer\iexplore.exe"
        2⤵
          PID:364

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads