102383a2e13dd10b324af14e58c0d8b7a28fa92dde04c54f13d46c41f977599a

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1672e3990f038c73d1c4126f30cbcf7a.exe
Size

385KB
MD5

1672e3990f038c73d1c4126f30cbcf7a
SHA1

9a786aa266fd95d8bb4e3d649ae1454f3d77a0cf
SHA256

102383a2e13dd10b324af14e58c0d8b7a28fa92dde04c54f13d46c41f977599a
SHA512

d1be2cc9cabf9eda134fb6d483e5a1cd1018ab9f7e7a649d1e99009d7979b4afc4683da8782dcc4b1d984d7d7406b9607a3025f1ac747df2604892e570289e46
SSDEEP

6144:/OR5BsjMm8nMwVwk55wi6WRhCZPkX6dZ+1ipGEMi1Mcjt6Fut4+XxnCGb:WR5mjgVwkiWXCZkX6dZQD/Ek8CGb

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2660	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2296	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2660	2784	1672e3990f038c73d1c4126f30cbcf7a.exe	31
PID 2784 wrote to memory of 2660	2784	1672e3990f038c73d1c4126f30cbcf7a.exe	31
PID 2784 wrote to memory of 2660	2784	1672e3990f038c73d1c4126f30cbcf7a.exe	31
PID 2784 wrote to memory of 2660	2784	1672e3990f038c73d1c4126f30cbcf7a.exe	31
PID 2660 wrote to memory of 2296	2660	cmd.exe	33
PID 2660 wrote to memory of 2296	2660	cmd.exe	33
PID 2660 wrote to memory of 2296	2660	cmd.exe	33
PID 2660 wrote to memory of 2296	2660	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe
"C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2784-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2784-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2784-2-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2784-4-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download