242970250dd255fb09c12558ffb63135df95c33a75de3030ce8e01cf8b34a748

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f877529129c2b7458a5bcf7d8a991d9.exe
Size

458KB
MD5

7f877529129c2b7458a5bcf7d8a991d9
SHA1

86040f77a9444134da0d4ae5427e0a10bc86b81b
SHA256

242970250dd255fb09c12558ffb63135df95c33a75de3030ce8e01cf8b34a748
SHA512

d272fc5bf390cbe330d82c704a995e06d950d1d1774823f237cdcec2789a61e2fbcfd50100c614fd113c97969114712b313f11ad546f7d81d03d9cdc0a5ae195
SSDEEP

6144:wJ6VANOasIMiWxBdMt3VcOmHiMGyWbeSXR7e80sYsES29:wcObyByt3VEgFeS729

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2600	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
584	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2600	2028	7f877529129c2b7458a5bcf7d8a991d9.exe	32
PID 2028 wrote to memory of 2600	2028	7f877529129c2b7458a5bcf7d8a991d9.exe	32
PID 2028 wrote to memory of 2600	2028	7f877529129c2b7458a5bcf7d8a991d9.exe	32
PID 2028 wrote to memory of 2600	2028	7f877529129c2b7458a5bcf7d8a991d9.exe	32
PID 2600 wrote to memory of 584	2600	cmd.exe	35
PID 2600 wrote to memory of 584	2600	cmd.exe	35
PID 2600 wrote to memory of 584	2600	cmd.exe	35
PID 2600 wrote to memory of 584	2600	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe
"C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2028-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2028-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2028-4-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download