062b07dcdd2a03dba2eb84019f881d62d61a48b094a7a01764f8d7ab33b0989d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46af24af1722e93e004b382a4f514198.exe
Size

470KB
MD5

46af24af1722e93e004b382a4f514198
SHA1

ee5aa0c87be2e6f963b8938bc435cc71a0c9c0d2
SHA256

062b07dcdd2a03dba2eb84019f881d62d61a48b094a7a01764f8d7ab33b0989d
SHA512

fc03264225dd2c5049ae5a4c5a21d09aee28004c900316fca2653810d6be3bb4011202a183a92bb80c7d9fe16d130c9118ad0282e052f587cca265502c0d26f9
SSDEEP

6144:uCMmrKJ1uRdEcZ/vkiR8hozHiFNzsPNvCVieCtqkOSnd509p1q57F9Vnv:ul7cZ/vFRfew9amnO4D09pi7Ffv

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2816	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2788	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2816	2148	46af24af1722e93e004b382a4f514198.exe	30
PID 2148 wrote to memory of 2816	2148	46af24af1722e93e004b382a4f514198.exe	30
PID 2148 wrote to memory of 2816	2148	46af24af1722e93e004b382a4f514198.exe	30
PID 2148 wrote to memory of 2816	2148	46af24af1722e93e004b382a4f514198.exe	30
PID 2816 wrote to memory of 2788	2816	cmd.exe	32
PID 2816 wrote to memory of 2788	2816	cmd.exe	32
PID 2816 wrote to memory of 2788	2816	cmd.exe	32
PID 2816 wrote to memory of 2788	2816	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\46af24af1722e93e004b382a4f514198.exe
"C:\Users\Admin\AppData\Local\Temp\46af24af1722e93e004b382a4f514198.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\46af24af1722e93e004b382a4f514198.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2148-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2148-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download