5e43c249024566adc4a792e32e374bc485a984df6e9bd7cb74a94aac079b55da

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15cfe7e15a9de8c877fa43f7e3af92e6.exe
Size

488KB
MD5

15cfe7e15a9de8c877fa43f7e3af92e6
SHA1

9ef32a235b5bc45754700a09d13bc7d5fbd0a067
SHA256

5e43c249024566adc4a792e32e374bc485a984df6e9bd7cb74a94aac079b55da
SHA512

155c52e2cefe56bcb0356e7ea6f864597bf9a5a8cd8c502926937d4403f3102bd2a53c116101efecb1e25e561720e2fc5e8b069bd9a4eae753033005f1c92d03
SSDEEP

12288:FytbV3kSoXaLnToslA4h0NOBegAmM4LfkFUBo0W:Eb5kSYaLTVlh0oxK4LsiKh

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
856	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1564	15cfe7e15a9de8c877fa43f7e3af92e6.exe
1564	15cfe7e15a9de8c877fa43f7e3af92e6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1564	15cfe7e15a9de8c877fa43f7e3af92e6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4320	1564	15cfe7e15a9de8c877fa43f7e3af92e6.exe	88
PID 1564 wrote to memory of 4320	1564	15cfe7e15a9de8c877fa43f7e3af92e6.exe	88
PID 4320 wrote to memory of 856	4320	cmd.exe	90
PID 4320 wrote to memory of 856	4320	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\15cfe7e15a9de8c877fa43f7e3af92e6.exe
"C:\Users\Admin\AppData\Local\Temp\15cfe7e15a9de8c877fa43f7e3af92e6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\15cfe7e15a9de8c877fa43f7e3af92e6.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads