cb8b28369ea435c6539992472c32fb0d9de24d41c5ac7ec7a93726c4da79102a

Analysis

max time kernel
1s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c8a923c15518be544dfe02583d62cc4.exe
Size

338KB
MD5

2c8a923c15518be544dfe02583d62cc4
SHA1

5feedba0251884e184f92160f24fd193f21b618e
SHA256

cb8b28369ea435c6539992472c32fb0d9de24d41c5ac7ec7a93726c4da79102a
SHA512

6db732d5e44b7981ce9ecb62a25506206eb200e7e4401a06a141505f35d8b59e429c526c9c0e46acdd749d408327bea8db0a74b636bc984e9060e858fbbb618a
SSDEEP

6144:67dNCochnZjv/rCm2ypRbNUQzmcgmtTMop91AtrRejBriq:6rCJhGypzUGmcBtxp9+lR6Riq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
864	taskkill.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3148	PING.EXE

C:\Users\Admin\AppData\Local\Temp\2c8a923c15518be544dfe02583d62cc4.exe
"C:\Users\Admin\AppData\Local\Temp\2c8a923c15518be544dfe02583d62cc4.exe"
1⤵
PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c taskkill /f /pid 2332 & ping -n 3 127.1 & del /f /q "C:\Users\Admin\AppData\Local\Temp\2c8a923c15518be544dfe02583d62cc4.exe" & start C:\Users\Admin\AppData\Local\219706~1.EXE -f
  2⤵
  PID:3780
- - C:\Users\Admin\AppData\Local\2197064483.exe
    C:\Users\Admin\AppData\Local\219706~1.EXE -f
    3⤵
    PID:2392

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 2332
1⤵
- Kills process with taskkill
PID:864

C:\Windows\SysWOW64\PING.EXE
ping -n 3 127.1
1⤵
- Runs ping.exe
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-2-0x00000000005D0000-0x00000000006D0000-memory.dmp

Filesize
1024KB

Download
memory/2332-1-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2332-3-0x0000000000560000-0x0000000000562000-memory.dmp

Filesize
8KB

Download
memory/2332-5-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-10-0x0000000000600000-0x0000000000700000-memory.dmp

Filesize
1024KB

Download
memory/2392-11-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2392-14-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-16-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-19-0x0000000000600000-0x0000000000700000-memory.dmp

Filesize
1024KB

Download
memory/2392-18-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-20-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2392-21-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-23-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-25-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-28-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-30-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-32-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download
memory/2392-34-0x0000000001000000-0x000000000110EFF2-memory.dmp

Filesize
1.1MB

Download