Overview

overview

7

Static

static

1

14ce816368...15.exe

windows7-x64

7

14ce816368...15.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14ce8163688f03b06654b88438b3fd15.exe

  • Size

    322KB

  • MD5

    14ce8163688f03b06654b88438b3fd15

  • SHA1

    d5794c208361373b5b85ce23a3761d97016af524

  • SHA256

    d503716b71f857de786e6e33f57dba3da6bcbccc4d7c7f0a202b119f88c85048

  • SHA512

    cc59e3ff1dfdba00d4db70ec7869e160f88d69fcd060038d82526d5de31c3669981c40ba74e5c12d44da2b3eaf5d57ce6371ec7397f9ea2b1d877a16bb5ff7fd

  • SSDEEP

    6144:Wfjh65Bhq2gfaGlc6/HA/ItZMdFmKZAIUj3M6q:QY5BhvGj8eMd8KXMq

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14ce8163688f03b06654b88438b3fd15.exe
    "C:\Users\Admin\AppData\Local\Temp\14ce8163688f03b06654b88438b3fd15.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\14ce8163688f03b06654b88438b3fd15.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4616
  • C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    1⤵
    • Runs ping.exe
    PID:4344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1492-0-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1492-1-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1492-2-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1492-3-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download