154f60d8cd97c6b0d49e0ba47fe55352646a0f4f5ab565d622af1ff97a1190e1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fcecc4148f1da9d7d7b1aa8eeb4806b.exe
Size

458KB
MD5

3fcecc4148f1da9d7d7b1aa8eeb4806b
SHA1

cee4321bb08ffd61fdf05c5a9b73f9559397c5e5
SHA256

154f60d8cd97c6b0d49e0ba47fe55352646a0f4f5ab565d622af1ff97a1190e1
SHA512

58d0a6ecb81c6629a8d43cbe1af8736e9492168a2fa170befcae18f147d9ff1eb682dc46fc61843309c43125f771089c859d8c1d7b249268cbe520321ac6bb43
SSDEEP

6144:AJ6VANOasIMiWxBdMt3VcOmHiMGyWbeSXR7e80sYnES2T:AcObyByt3VEgFeV72T

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4668	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4324	1404	3fcecc4148f1da9d7d7b1aa8eeb4806b.exe	99
PID 1404 wrote to memory of 4324	1404	3fcecc4148f1da9d7d7b1aa8eeb4806b.exe	99
PID 1404 wrote to memory of 4324	1404	3fcecc4148f1da9d7d7b1aa8eeb4806b.exe	99
PID 4324 wrote to memory of 4668	4324	cmd.exe	101
PID 4324 wrote to memory of 4668	4324	cmd.exe	101
PID 4324 wrote to memory of 4668	4324	cmd.exe	101

C:\Users\Admin\AppData\Local\Temp\3fcecc4148f1da9d7d7b1aa8eeb4806b.exe
"C:\Users\Admin\AppData\Local\Temp\3fcecc4148f1da9d7d7b1aa8eeb4806b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\3fcecc4148f1da9d7d7b1aa8eeb4806b.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4324
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1404-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1404-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1404-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download