809bc3a0b665d5f765bb4469c1a5e1c18ca47ef4462fb5107526f75d679b6911

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0920113eb017459cc13ced85b986e6fb.exe
Size

488KB
MD5

0920113eb017459cc13ced85b986e6fb
SHA1

92be36f319cdcb568040ac3d862eef3c8da7dc3d
SHA256

809bc3a0b665d5f765bb4469c1a5e1c18ca47ef4462fb5107526f75d679b6911
SHA512

b2d339e8bd3b67add8f1a1934aed829783ffee40d029f1c20e57dd9add162709d9667131440df0b2c8426b1339744fbf3a5e93cdaefc840f9063de4f3b71f994
SSDEEP

12288:FytbV3kSoXaLnToslfkwgvOnN2hyGx/AE3WdIra0:Eb5kSYaLTVlfRNMysNWia0

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1660	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3468	0920113eb017459cc13ced85b986e6fb.exe
3468	0920113eb017459cc13ced85b986e6fb.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3468	0920113eb017459cc13ced85b986e6fb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 408	3468	0920113eb017459cc13ced85b986e6fb.exe	88
PID 3468 wrote to memory of 408	3468	0920113eb017459cc13ced85b986e6fb.exe	88
PID 408 wrote to memory of 1660	408	cmd.exe	90
PID 408 wrote to memory of 1660	408	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe
"C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...