d615d0ce44d1e684e9c834e5f4f5a238fa81d99fea55ef0413083fed13a4e086

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DST10.exe
Size

633KB
MD5

cafd694946da0c63920bfd2f1097e050
SHA1

d9ee1bfa1c0ca64318abb4409356eaa7a28c8cbe
SHA256

d615d0ce44d1e684e9c834e5f4f5a238fa81d99fea55ef0413083fed13a4e086
SHA512

dc2971d0ffb9670301de799c5d363f3b197d1c3cbe59d9327e2c6421c22066b18c0b1f973f7a5365ed3ab6a28b47aaddb3b8c33724919d606619bef1a7fcb96b
SSDEEP

12288:ffmxsO+Hdsy7MfoVFfBVxsMAuxA6WI77A86d:fhO+HdsAMQVF51dWI77/6d

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
400	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 4744	1048	DST10.exe	34
PID 1048 wrote to memory of 4744	1048	DST10.exe	34
PID 4744 wrote to memory of 400	4744	cmd.exe	37
PID 4744 wrote to memory of 400	4744	cmd.exe	37

C:\Users\Admin\AppData\Local\Temp\DST10.exe
"C:\Users\Admin\AppData\Local\Temp\DST10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ping localhost -n 600
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4744
- - C:\Windows\system32\PING.EXE
    ping localhost -n 600
    3⤵
    - Runs ping.exe
    PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-0-0x00007FF651E00000-0x00007FF651E84000-memory.dmp

Filesize
528KB

Download