102383a2e13dd10b324af14e58c0d8b7a28fa92dde04c54f13d46c41f977599a

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1672e3990f038c73d1c4126f30cbcf7a.exe
Size

385KB
MD5

1672e3990f038c73d1c4126f30cbcf7a
SHA1

9a786aa266fd95d8bb4e3d649ae1454f3d77a0cf
SHA256

102383a2e13dd10b324af14e58c0d8b7a28fa92dde04c54f13d46c41f977599a
SHA512

d1be2cc9cabf9eda134fb6d483e5a1cd1018ab9f7e7a649d1e99009d7979b4afc4683da8782dcc4b1d984d7d7406b9607a3025f1ac747df2604892e570289e46
SSDEEP

6144:/OR5BsjMm8nMwVwk55wi6WRhCZPkX6dZ+1ipGEMi1Mcjt6Fut4+XxnCGb:WR5mjgVwkiWXCZkX6dZQD/Ek8CGb

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2020	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1328	224	1672e3990f038c73d1c4126f30cbcf7a.exe	92
PID 224 wrote to memory of 1328	224	1672e3990f038c73d1c4126f30cbcf7a.exe	92
PID 224 wrote to memory of 1328	224	1672e3990f038c73d1c4126f30cbcf7a.exe	92
PID 1328 wrote to memory of 2020	1328	cmd.exe	90
PID 1328 wrote to memory of 2020	1328	cmd.exe	90
PID 1328 wrote to memory of 2020	1328	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe
"C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1672e3990f038c73d1c4126f30cbcf7a.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1328

C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
1⤵
- Runs ping.exe
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/224-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/224-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/224-2-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download