168a236c5bc52c4ae0eabda12516c30ba578f7c21ded637b329f199791e46c90

Analysis

max time kernel
102s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7da5e330dff8a94b548d6f832908364.exe
Size

446KB
MD5

f7da5e330dff8a94b548d6f832908364
SHA1

41c3cc5a075f63adf08a98ef8da37eb5175247dc
SHA256

168a236c5bc52c4ae0eabda12516c30ba578f7c21ded637b329f199791e46c90
SHA512

d568e8fd4df00d40b3fe2d1ed3ec1d5a156af68f71b20c4e3f57a3456ff2d06069f8ac2788992b5f71491aff8e1f82ca75f4508c9bad7d7b72f4f104b3e246ff
SSDEEP

12288:D0mykYyMziBa2JJt1j9Z6AVu2hsiWAsu8:AmDvJJj7Ho2Lt8

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4728	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 3384	3492	f7da5e330dff8a94b548d6f832908364.exe	97
PID 3492 wrote to memory of 3384	3492	f7da5e330dff8a94b548d6f832908364.exe	97
PID 3492 wrote to memory of 3384	3492	f7da5e330dff8a94b548d6f832908364.exe	97
PID 3384 wrote to memory of 4728	3384	cmd.exe	99
PID 3384 wrote to memory of 4728	3384	cmd.exe	99
PID 3384 wrote to memory of 4728	3384	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\f7da5e330dff8a94b548d6f832908364.exe
"C:\Users\Admin\AppData\Local\Temp\f7da5e330dff8a94b548d6f832908364.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\f7da5e330dff8a94b548d6f832908364.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3384
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3492-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3492-1-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3492-2-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3492-3-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download