16acf5004d0530200abbdcbb41aca383cabfb0795f45c487a75b42ddb03d0cb6

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1df6890e353c4ac767d26fb07d7c8272.exe
Size

458KB
MD5

1df6890e353c4ac767d26fb07d7c8272
SHA1

45e95d22ae21783a471cbf93f08d0a5f65a122d3
SHA256

16acf5004d0530200abbdcbb41aca383cabfb0795f45c487a75b42ddb03d0cb6
SHA512

5b966fb30e547a7fd13dd3b4515ae5e11d241542151446c5682e56cfdd27fe52b4d9b32cc371715a8db75246bcab70cede20a7d4a9c38da16171068fb623fa13
SSDEEP

12288:toTbJ121v3Hqjzy2KoGK/pdADPa5PmirHS:to5yfHV2KoF/pdADUPmAS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2976	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2140	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2976	1340	1df6890e353c4ac767d26fb07d7c8272.exe	33
PID 1340 wrote to memory of 2976	1340	1df6890e353c4ac767d26fb07d7c8272.exe	33
PID 1340 wrote to memory of 2976	1340	1df6890e353c4ac767d26fb07d7c8272.exe	33
PID 1340 wrote to memory of 2976	1340	1df6890e353c4ac767d26fb07d7c8272.exe	33
PID 2976 wrote to memory of 2140	2976	cmd.exe	35
PID 2976 wrote to memory of 2140	2976	cmd.exe	35
PID 2976 wrote to memory of 2140	2976	cmd.exe	35
PID 2976 wrote to memory of 2140	2976	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\1df6890e353c4ac767d26fb07d7c8272.exe
"C:\Users\Admin\AppData\Local\Temp\1df6890e353c4ac767d26fb07d7c8272.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1df6890e353c4ac767d26fb07d7c8272.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-0-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1340-1-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1340-2-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1340-4-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download