cfadd7de8971eab0525acb2e4988887be07c19434d9d5ce9d38224963807eb4a

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c04e43c539bcddfea05d5fbdd0ddfb0e.exe
Size

226KB
MD5

c04e43c539bcddfea05d5fbdd0ddfb0e
SHA1

f96f93f8423b8491fe999a261b2258323c51c797
SHA256

cfadd7de8971eab0525acb2e4988887be07c19434d9d5ce9d38224963807eb4a
SHA512

a7f7b1a9031d1700b82678a5722382f4ab171de8b7397098ff40c4113d9455dbab166b9f40d2f90f0a4ce4cbdf0b0184d3a6bb57c646542f1c06da12e41011ac
SSDEEP

3072:aU/9+vstGGGFOpQ6vGHAnqpPLsZt9UCTmgj1Hcolp0kf1Y3P:aUTGFOpQ6E7PLsZtOAVyoTf1Y3P

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 6 IoCs

Remote System Discovery

T1018

pid	Process
2680	PING.EXE
2584	PING.EXE
2608	PING.EXE
3052	PING.EXE
2716	PING.EXE
2772	PING.EXE

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3060	2644	c04e43c539bcddfea05d5fbdd0ddfb0e.exe	24
PID 2644 wrote to memory of 3060	2644	c04e43c539bcddfea05d5fbdd0ddfb0e.exe	24
PID 2644 wrote to memory of 3060	2644	c04e43c539bcddfea05d5fbdd0ddfb0e.exe	24
PID 2644 wrote to memory of 3060	2644	c04e43c539bcddfea05d5fbdd0ddfb0e.exe	24
PID 3060 wrote to memory of 2316	3060	cmd.exe	25
PID 3060 wrote to memory of 2316	3060	cmd.exe	25
PID 3060 wrote to memory of 2316	3060	cmd.exe	25
PID 3060 wrote to memory of 3052	3060	cmd.exe	31
PID 3060 wrote to memory of 3052	3060	cmd.exe	31
PID 3060 wrote to memory of 3052	3060	cmd.exe	31
PID 3060 wrote to memory of 2716	3060	cmd.exe	32
PID 3060 wrote to memory of 2716	3060	cmd.exe	32
PID 3060 wrote to memory of 2716	3060	cmd.exe	32
PID 3060 wrote to memory of 2772	3060	cmd.exe	33
PID 3060 wrote to memory of 2772	3060	cmd.exe	33
PID 3060 wrote to memory of 2772	3060	cmd.exe	33
PID 3060 wrote to memory of 2680	3060	cmd.exe	34
PID 3060 wrote to memory of 2680	3060	cmd.exe	34
PID 3060 wrote to memory of 2680	3060	cmd.exe	34
PID 3060 wrote to memory of 2584	3060	cmd.exe	35
PID 3060 wrote to memory of 2584	3060	cmd.exe	35
PID 3060 wrote to memory of 2584	3060	cmd.exe	35
PID 3060 wrote to memory of 2608	3060	cmd.exe	36
PID 3060 wrote to memory of 2608	3060	cmd.exe	36
PID 3060 wrote to memory of 2608	3060	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\c04e43c539bcddfea05d5fbdd0ddfb0e.exe
"C:\Users\Admin\AppData\Local\Temp\c04e43c539bcddfea05d5fbdd0ddfb0e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\89E8.tmp\89E9.bat C:\Users\Admin\AppData\Local\Temp\c04e43c539bcddfea05d5fbdd0ddfb0e.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Windows\system32\mode.com
    mode 84,26
    3⤵
    PID:2316
- - C:\Windows\system32\PING.EXE
    ping -n 5 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:3052
- - C:\Windows\system32\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2716
- - C:\Windows\system32\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2772
- - C:\Windows\system32\PING.EXE
    ping -n 4 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2680
- - C:\Windows\system32\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2584
- - C:\Windows\system32\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\89E8.tmp\89E9.bat

Filesize
4KB

MD5
fe84e5058a131d930e0413a8470d6141

SHA1
48166903297294d3e71e0ff137e18eb8b4754157

SHA256
135ba1e8568a1b3305ed35cb62468ec70d42be784bac013ed623986d48938a3d

SHA512
3217a2d2bb1bc63d6f66c266a6555d1930140bd32b10d160eabf215e3ee11ef0df611c9103bd6e68c5a0a7b991acc07a68509a210b5f56ed840cd5bcba7ca276

Download Submit