Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24/12/2023, 16:32
General
-
Target
05e0f2a2a0cc365cce0a4584c616164d.exe
-
Size
318KB
-
MD5
05e0f2a2a0cc365cce0a4584c616164d
-
SHA1
2c7fb1eb74182d9c7cc85f85fe4fb887b1e93844
-
SHA256
be1586e352db3fa2fdc1072585c28ac9f50ed7eaef4eea9a6ac0afa5623fb396
-
SHA512
471388986ac117ad58b6cc410a302f380746f13047e452b53e181c813364e9e7e85a0d566875773dd1f5bec69da19b57994e77a274cf3a27de286604aa15dc74
-
SSDEEP
6144:7FkLQrMQ5iz/DKzpaLsi3xZWeKP8EytCgJn5gotBpAuS8BqxuJF:hkLQrMQ5iPSaLvTW8sa+oZABUJF
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05e0f2a2a0cc365cce0a4584c616164d.exe"C:\Users\Admin\AppData\Local\Temp\05e0f2a2a0cc365cce0a4584c616164d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\05e0f2a2a0cc365cce0a4584c616164d.exe"2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 30003⤵
- Runs ping.exe
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
324KB
-
Filesize
324KB
-
Filesize
324KB
-
Filesize
324KB