bf3c1b36fb3277b825ce146c178e7673a0ee8bf3eae993d9e6d52116cb519e64

Analysis

max time kernel
166s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05258aea41c63f093b00da2dd47d486b.exe
Size

488KB
MD5

05258aea41c63f093b00da2dd47d486b
SHA1

3d91da5b3bbbfb40c814f3d7747a2f9cee214e5c
SHA256

bf3c1b36fb3277b825ce146c178e7673a0ee8bf3eae993d9e6d52116cb519e64
SHA512

aecf1fecd58b9ccc1977ab0d6f4df1ab00a8c969e77829ae8a22ce456c02e634e50d317a80e4d5e9278589a5ffd705ab46226f7becd0fbbf710b32dc6469909d
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEe3YpPsta7u0e4BVfXa7/eOBV7/7f8wZP7:FytbV3kSoXaLnTosl9oHuqUWGAogNm

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4696	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3912	05258aea41c63f093b00da2dd47d486b.exe
3912	05258aea41c63f093b00da2dd47d486b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3912	05258aea41c63f093b00da2dd47d486b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 3644	3912	05258aea41c63f093b00da2dd47d486b.exe	19
PID 3912 wrote to memory of 3644	3912	05258aea41c63f093b00da2dd47d486b.exe	19
PID 3644 wrote to memory of 4696	3644	cmd.exe	22
PID 3644 wrote to memory of 4696	3644	cmd.exe	22

C:\Users\Admin\AppData\Local\Temp\05258aea41c63f093b00da2dd47d486b.exe
"C:\Users\Admin\AppData\Local\Temp\05258aea41c63f093b00da2dd47d486b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\05258aea41c63f093b00da2dd47d486b.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3644
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads