6181fd5959f56dd52bc22c7c645b9715dd66d61e7c61500c825c1337eca93aa6

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d35b7c1bd099d1853cfdc795e89f022.exe
Size

488KB
MD5

5d35b7c1bd099d1853cfdc795e89f022
SHA1

d45bbd984595bedeb691adabfb3d1c8c7244b20a
SHA256

6181fd5959f56dd52bc22c7c645b9715dd66d61e7c61500c825c1337eca93aa6
SHA512

b83ed50c106d80ac1edaba3128dd945cee58f8bbbabfc0190197c4d76224bdb15442c3ead3e72e244e6b768eef86cf195cc55cfe6d7cae76a132f5dee01bd7ed
SSDEEP

12288:FytbV3kSoXaLnToslKlmq8g2DBBI0t95M2R:Eb5kSYaLTVlK78f3Ioo2R

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3488	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1244	5d35b7c1bd099d1853cfdc795e89f022.exe
1244	5d35b7c1bd099d1853cfdc795e89f022.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1244	5d35b7c1bd099d1853cfdc795e89f022.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 4308	1244	5d35b7c1bd099d1853cfdc795e89f022.exe	22
PID 1244 wrote to memory of 4308	1244	5d35b7c1bd099d1853cfdc795e89f022.exe	22
PID 4308 wrote to memory of 3488	4308	cmd.exe	18
PID 4308 wrote to memory of 3488	4308	cmd.exe	18

C:\Users\Admin\AppData\Local\Temp\5d35b7c1bd099d1853cfdc795e89f022.exe
"C:\Users\Admin\AppData\Local\Temp\5d35b7c1bd099d1853cfdc795e89f022.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\5d35b7c1bd099d1853cfdc795e89f022.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4308

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 6000
1⤵
- Runs ping.exe
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...