6daceb81feae66db1d3b6f6efa4caecb9924163f2f87c8715e53b287ce63f468

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f37e823a3abe81ac98454f9f07fae778.exe
Size

316KB
MD5

f37e823a3abe81ac98454f9f07fae778
SHA1

fb87e4e647993aa070f4d49eb8a238cf2d1d795b
SHA256

6daceb81feae66db1d3b6f6efa4caecb9924163f2f87c8715e53b287ce63f468
SHA512

4beec8a64183a82d6df0a88aefe63d16347dfa8be664497da8a5562b0809f075137802583f636fe5a7f0779a5893d4a7beb3af1cd8c0feab5c7000ca2b424f33
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiE/Lc1YR2tW:FytbV3kSoXaLnTosl+LciRyW

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1684	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4952	f37e823a3abe81ac98454f9f07fae778.exe
4952	f37e823a3abe81ac98454f9f07fae778.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4952	f37e823a3abe81ac98454f9f07fae778.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4612	4952	f37e823a3abe81ac98454f9f07fae778.exe	19
PID 4952 wrote to memory of 4612	4952	f37e823a3abe81ac98454f9f07fae778.exe	19
PID 4612 wrote to memory of 1684	4612	cmd.exe	15
PID 4612 wrote to memory of 1684	4612	cmd.exe	15

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 6000
1⤵
- Runs ping.exe
PID:1684

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\f37e823a3abe81ac98454f9f07fae778.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612

C:\Users\Admin\AppData\Local\Temp\f37e823a3abe81ac98454f9f07fae778.exe
"C:\Users\Admin\AppData\Local\Temp\f37e823a3abe81ac98454f9f07fae778.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads