242970250dd255fb09c12558ffb63135df95c33a75de3030ce8e01cf8b34a748

Analysis

max time kernel
132s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f877529129c2b7458a5bcf7d8a991d9.exe
Size

458KB
MD5

7f877529129c2b7458a5bcf7d8a991d9
SHA1

86040f77a9444134da0d4ae5427e0a10bc86b81b
SHA256

242970250dd255fb09c12558ffb63135df95c33a75de3030ce8e01cf8b34a748
SHA512

d272fc5bf390cbe330d82c704a995e06d950d1d1774823f237cdcec2789a61e2fbcfd50100c614fd113c97969114712b313f11ad546f7d81d03d9cdc0a5ae195
SSDEEP

6144:wJ6VANOasIMiWxBdMt3VcOmHiMGyWbeSXR7e80sYsES29:wcObyByt3VEgFeS729

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4664	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 4916	3524	7f877529129c2b7458a5bcf7d8a991d9.exe	94
PID 3524 wrote to memory of 4916	3524	7f877529129c2b7458a5bcf7d8a991d9.exe	94
PID 3524 wrote to memory of 4916	3524	7f877529129c2b7458a5bcf7d8a991d9.exe	94
PID 4916 wrote to memory of 4664	4916	cmd.exe	96
PID 4916 wrote to memory of 4664	4916	cmd.exe	96
PID 4916 wrote to memory of 4664	4916	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe
"C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7f877529129c2b7458a5bcf7d8a991d9.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3524-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3524-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3524-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3524-4-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download