4d2896778be5876ef8d129fc2f8f52a4d0a271f9a1dd2525bea088cde2c1028b

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12eecd81930886569d8171b38e87dc19.exe
Size

316KB
MD5

12eecd81930886569d8171b38e87dc19
SHA1

138ad2d4e8bbbaf5c5c3fa94c9f2e258299ea465
SHA256

4d2896778be5876ef8d129fc2f8f52a4d0a271f9a1dd2525bea088cde2c1028b
SHA512

1ecd11bc72d8d1016aba878931d9de5fa439c8de1760c3d7a81fcbc027a3834031e4fb0249fab669f2fb24389394c6cba44852e0a424914adcae0cc8c3d0a45c
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEl4K5iix:FytbV3kSoXaLnToslq4K5iix

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
116	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3680	12eecd81930886569d8171b38e87dc19.exe
3680	12eecd81930886569d8171b38e87dc19.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3680	12eecd81930886569d8171b38e87dc19.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3680 wrote to memory of 1276	3680	12eecd81930886569d8171b38e87dc19.exe	20
PID 3680 wrote to memory of 1276	3680	12eecd81930886569d8171b38e87dc19.exe	20
PID 1276 wrote to memory of 116	1276	cmd.exe	16
PID 1276 wrote to memory of 116	1276	cmd.exe	16

C:\Users\Admin\AppData\Local\Temp\12eecd81930886569d8171b38e87dc19.exe
"C:\Users\Admin\AppData\Local\Temp\12eecd81930886569d8171b38e87dc19.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\12eecd81930886569d8171b38e87dc19.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1276

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 6000
1⤵
- Runs ping.exe
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads