953b9245093eee2b5ed8608b70c93db53ee73d2b28eb8da49412b4ad791b3b52

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1343d504a25ad50ee1aa55d0355805fc.exe
Size

316KB
MD5

1343d504a25ad50ee1aa55d0355805fc
SHA1

9857d3b4d75e5c03ddc58dbe111db407c55f0ab1
SHA256

953b9245093eee2b5ed8608b70c93db53ee73d2b28eb8da49412b4ad791b3b52
SHA512

267ce23c24c92e59d18bf590b8315736b958701ca245d12bf8d64234151233c54e453b7d0e225cd165e0f7c78319886c5326b7f33d2c3562f13b28078fb76869
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEIiexT4:FytbV3kSoXaLnToslbi3

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
752	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2348	1343d504a25ad50ee1aa55d0355805fc.exe
2348	1343d504a25ad50ee1aa55d0355805fc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	1343d504a25ad50ee1aa55d0355805fc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1628	2348	1343d504a25ad50ee1aa55d0355805fc.exe	89
PID 2348 wrote to memory of 1628	2348	1343d504a25ad50ee1aa55d0355805fc.exe	89
PID 1628 wrote to memory of 752	1628	cmd.exe	91
PID 1628 wrote to memory of 752	1628	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe
"C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads