060eaf1a8588735031974b7d74f007348404a5a2ef264df366ccf1579181e4c0

Analysis

max time kernel
121s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29ab9fbf354edc04a873bf8dab03f53a.exe
Size

457KB
MD5

29ab9fbf354edc04a873bf8dab03f53a
SHA1

399aea37c133ecdd2b7050a89b47fd6d27f31f64
SHA256

060eaf1a8588735031974b7d74f007348404a5a2ef264df366ccf1579181e4c0
SHA512

707a94f12cb43d986b186b35784a7e4fbb56d58be5092956594917bb59609471b521ea1a1a5f2a51fe58c6aac1c93df2f7709124e77f457e733c47eba96b9214
SSDEEP

12288:nHiQbnblTTyRu1zte/EzrQFR7ia8nh/O1D2grL:nC+nbtlte/IQn7iNnM16grL

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1344	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2608	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1344	2176	29ab9fbf354edc04a873bf8dab03f53a.exe	30
PID 2176 wrote to memory of 1344	2176	29ab9fbf354edc04a873bf8dab03f53a.exe	30
PID 2176 wrote to memory of 1344	2176	29ab9fbf354edc04a873bf8dab03f53a.exe	30
PID 2176 wrote to memory of 1344	2176	29ab9fbf354edc04a873bf8dab03f53a.exe	30
PID 1344 wrote to memory of 2608	1344	cmd.exe	31
PID 1344 wrote to memory of 2608	1344	cmd.exe	31
PID 1344 wrote to memory of 2608	1344	cmd.exe	31
PID 1344 wrote to memory of 2608	1344	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\29ab9fbf354edc04a873bf8dab03f53a.exe
"C:\Users\Admin\AppData\Local\Temp\29ab9fbf354edc04a873bf8dab03f53a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\29ab9fbf354edc04a873bf8dab03f53a.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2176-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2176-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2176-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download