13a1f2c9d55e100d01a8443a74fad2768b28e3228e691e68cc49c132c179f4f8

Analysis

max time kernel
122s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6545d99d9fc0b631695910bc7a1d74d1.exe
Size

466KB
MD5

6545d99d9fc0b631695910bc7a1d74d1
SHA1

683dd93da79d9a212fd41a930be7278e8d9dd8ea
SHA256

13a1f2c9d55e100d01a8443a74fad2768b28e3228e691e68cc49c132c179f4f8
SHA512

c15bf8f357637cb4259ab02013739d741acf92c6f6e360e86199e7e36ffbb8f02fab37d53235c59ab23dbaef9f1c307dd761ea86405111ed6d25c246ac9aec6b
SSDEEP

6144:8nkgq6ik5BaljNRu0MNm8c8hhaW7Ql5vzRVIxBo4Fnd+ToW0Cxivfwy2R2fnv:8nkBkHaljNg5vjhq5vHYBJ+t0Cxawybv

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1524	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2916	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 1524	2676	6545d99d9fc0b631695910bc7a1d74d1.exe	32
PID 2676 wrote to memory of 1524	2676	6545d99d9fc0b631695910bc7a1d74d1.exe	32
PID 2676 wrote to memory of 1524	2676	6545d99d9fc0b631695910bc7a1d74d1.exe	32
PID 2676 wrote to memory of 1524	2676	6545d99d9fc0b631695910bc7a1d74d1.exe	32
PID 1524 wrote to memory of 2916	1524	cmd.exe	33
PID 1524 wrote to memory of 2916	1524	cmd.exe	33
PID 1524 wrote to memory of 2916	1524	cmd.exe	33
PID 1524 wrote to memory of 2916	1524	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\6545d99d9fc0b631695910bc7a1d74d1.exe
"C:\Users\Admin\AppData\Local\Temp\6545d99d9fc0b631695910bc7a1d74d1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\6545d99d9fc0b631695910bc7a1d74d1.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2676-0-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2676-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2676-2-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2676-3-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download