23477658d727ac1ba0839c105f2e361d15677ca803264bd1a1b2e786a1823766

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

66577ecf6daecc1c2fa84a5801434df2.exe
Size

458KB
MD5

66577ecf6daecc1c2fa84a5801434df2
SHA1

628a5341592da91b91e943ec69663b8525bae878
SHA256

23477658d727ac1ba0839c105f2e361d15677ca803264bd1a1b2e786a1823766
SHA512

d8719419ad3ce906c22e835cd1a371e1b82dca15c3a61d5fccbe4cea0a6deaa0791d07f1c429f91e3b35ca8c1208c149a6bdadf7c7e153d973eb1942446acf15
SSDEEP

6144:3fCleiQdMr7MZH/sEibAH5cne9hB1Z7mvGS5S+MTEOZqLn6it6f+K:Ppi7MZH+k5cnihBLu5SzE9z6nz

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2604	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2708	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2604	2436	66577ecf6daecc1c2fa84a5801434df2.exe	31
PID 2436 wrote to memory of 2604	2436	66577ecf6daecc1c2fa84a5801434df2.exe	31
PID 2436 wrote to memory of 2604	2436	66577ecf6daecc1c2fa84a5801434df2.exe	31
PID 2436 wrote to memory of 2604	2436	66577ecf6daecc1c2fa84a5801434df2.exe	31
PID 2604 wrote to memory of 2708	2604	cmd.exe	33
PID 2604 wrote to memory of 2708	2604	cmd.exe	33
PID 2604 wrote to memory of 2708	2604	cmd.exe	33
PID 2604 wrote to memory of 2708	2604	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\66577ecf6daecc1c2fa84a5801434df2.exe
"C:\Users\Admin\AppData\Local\Temp\66577ecf6daecc1c2fa84a5801434df2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\66577ecf6daecc1c2fa84a5801434df2.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2436-0-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2436-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2436-2-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2436-4-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download