c7d478976e6790573251812a1f798c8466271a12ae6819b14605c9fd9f1ee119

Analysis

max time kernel
147s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38397a2519b43cfbae5f5c0dcdd8e85b.exe
Size

488KB
MD5

38397a2519b43cfbae5f5c0dcdd8e85b
SHA1

b0aa695e6dbc1aae50597151ab8e21e525098286
SHA256

c7d478976e6790573251812a1f798c8466271a12ae6819b14605c9fd9f1ee119
SHA512

c246b27d36f7398aaf38e93b01d9360247ecff5e7a97241a34cd35eeb519a8900409a714b2911602eadd5cde650c4b4d52946d0cb6d98a902509bf66a4a48462
SSDEEP

12288:FytbV3kSoXaLnToslfuRkLzkXF3guWkpjHKDh:Eb5kSYaLTVlfumLzMgjkRo

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2612	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1492	38397a2519b43cfbae5f5c0dcdd8e85b.exe
1492	38397a2519b43cfbae5f5c0dcdd8e85b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1492	38397a2519b43cfbae5f5c0dcdd8e85b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 432	1492	38397a2519b43cfbae5f5c0dcdd8e85b.exe	70
PID 1492 wrote to memory of 432	1492	38397a2519b43cfbae5f5c0dcdd8e85b.exe	70
PID 432 wrote to memory of 2612	432	cmd.exe	67
PID 432 wrote to memory of 2612	432	cmd.exe	67

C:\Users\Admin\AppData\Local\Temp\38397a2519b43cfbae5f5c0dcdd8e85b.exe
"C:\Users\Admin\AppData\Local\Temp\38397a2519b43cfbae5f5c0dcdd8e85b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\38397a2519b43cfbae5f5c0dcdd8e85b.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:432

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 6000
1⤵
- Runs ping.exe
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads