Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-11-2023 10:24

General

  • Target

    pikabotcore.exe

  • Size

    320KB

  • MD5

    3bbf71aeaa85e2774c1d47c0e56e6472

  • SHA1

    4bd1668c397a2e0bcc293bfecd0eee62df947c3a

  • SHA256

    3316b2087e41a54a4bc60bef2058b10a645265e60f965e0c3d71da0bf5e221cd

  • SHA512

    e713984a8a6592ca4cbfe440f24b835fed4700d77270a04743eef443de0b15f7a21d319ba665a65c0b97ef9cf90be70bb276897169e25e9414e02115e148a847

  • SSDEEP

    6144:cewJSTU0kYEti/xN9WpofUGFTT51zFISUumZrkR10efUKJ:nkY7EYtF1ztU3Qztf

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pikabotcore.exe
    "C:\Users\Admin\AppData\Local\Temp\pikabotcore.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Windows\SysWOW64\whoami.exe
      whoami.exe /all
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4660
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe /all
      2⤵
      • Gathers network information
      PID:1220
    • C:\Windows\SysWOW64\netstat.exe
      netstat.exe -aon
      2⤵
      • Gathers network information
      • Suspicious use of AdjustPrivilegeToken
      PID:396

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Execution
    Command and Scripting Interpreter (T1059): 1
  • Discovery
    System Information Discovery (T1082): 1
