d50eaf25b8391cb006d285d89b6e50bb90837cfda8f42e87e7e4b296fb135ee9

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PING.lnk
Size

1KB
MD5

90aa71b5ec55395a32c46f7de543a26d
SHA1

02aaaf2c537f3a39dbe042a9916d15c7032801cd
SHA256

d50eaf25b8391cb006d285d89b6e50bb90837cfda8f42e87e7e4b296fb135ee9
SHA512

e1b85be4141e16ada52f5c665a66de814c3dfa94c9a3f5cb71ec2a1f388f8285818630eaae76f9d4e625bd6473e3c4382b3a967a1db62a29d321fa98085ed568

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2908	PING.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2908	2948	cmd.exe	29
PID 2948 wrote to memory of 2908	2948	cmd.exe	29
PID 2948 wrote to memory of 2908	2948	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PING.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\System32\PING.EXE
  "C:\Windows\System32\PING.EXE" roblox.com -t -l 1000
  2⤵
  - Runs ping.exe
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads