22d0326045e0d39ac693cbf66555fb5fb8bfe46c939be259f46c457d22d80c82

Analysis

max time kernel
150s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36b68961ef420d1b1cf70dc774e34e93.exe
Size

397KB
MD5

36b68961ef420d1b1cf70dc774e34e93
SHA1

8686f9f7250f6ec382f28e3fcaf0c1030402f051
SHA256

22d0326045e0d39ac693cbf66555fb5fb8bfe46c939be259f46c457d22d80c82
SHA512

4efa75a1a5e9a6f07e080d91409b7841e55bea30c5de12b86fdf672d0201aecfcf77020ab973d245e72b0b1d9d39daabb70175ae720674154b5f5a853d228673
SSDEEP

6144:ETjR5PrKF1qNFed5Sp8uq6zout2+/gG0QRXDxHG7fndoO/:EvRhCSp8uJouw+E8XDxm7fh/

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4680	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3932	2728	36b68961ef420d1b1cf70dc774e34e93.exe	95
PID 2728 wrote to memory of 3932	2728	36b68961ef420d1b1cf70dc774e34e93.exe	95
PID 2728 wrote to memory of 3932	2728	36b68961ef420d1b1cf70dc774e34e93.exe	95
PID 3932 wrote to memory of 4680	3932	cmd.exe	97
PID 3932 wrote to memory of 4680	3932	cmd.exe	97
PID 3932 wrote to memory of 4680	3932	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\36b68961ef420d1b1cf70dc774e34e93.exe
"C:\Users\Admin\AppData\Local\Temp\36b68961ef420d1b1cf70dc774e34e93.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\36b68961ef420d1b1cf70dc774e34e93.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3932
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2728-1-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2728-2-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2728-3-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download