1567ef3099b739d0ff6e9af4ad6541c77daab2447e3f23fd8b173ac2bf83d56c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cae8db32f94997e38e2ac594edf0180.exe
Size

390KB
MD5

1cae8db32f94997e38e2ac594edf0180
SHA1

6f371d08830ef9074726e322e99c8d5c5eda06be
SHA256

1567ef3099b739d0ff6e9af4ad6541c77daab2447e3f23fd8b173ac2bf83d56c
SHA512

df7f2bf13806508ff3cfba12ed6a816800640ba76ecc8aa411cb1579f86d0b542cd43c6228db229940dd2169124ac57b57f2d6a681634042d5fcf17df4bccde9
SSDEEP

12288:DX/Z5pouH+cQ+33MO26t00p6jxKCPVsTTHHHHCHHHHHHHHHHHHHHHhHHH0HHHHHP:DXx5F+GMO26t00olK8wHHHCHHHHHHHHW

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2740	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2864	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2740	1716	1cae8db32f94997e38e2ac594edf0180.exe	33
PID 1716 wrote to memory of 2740	1716	1cae8db32f94997e38e2ac594edf0180.exe	33
PID 1716 wrote to memory of 2740	1716	1cae8db32f94997e38e2ac594edf0180.exe	33
PID 1716 wrote to memory of 2740	1716	1cae8db32f94997e38e2ac594edf0180.exe	33
PID 2740 wrote to memory of 2864	2740	cmd.exe	31
PID 2740 wrote to memory of 2864	2740	cmd.exe	31
PID 2740 wrote to memory of 2864	2740	cmd.exe	31
PID 2740 wrote to memory of 2864	2740	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\1cae8db32f94997e38e2ac594edf0180.exe
"C:\Users\Admin\AppData\Local\Temp\1cae8db32f94997e38e2ac594edf0180.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1cae8db32f94997e38e2ac594edf0180.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2740

C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
1⤵
- Runs ping.exe
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1716-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1716-2-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1716-4-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download