1b17cbb75b5fc4b746761e0ba24ecd78084eaf885208f4d6d42170d081a0b8d4

Analysis

max time kernel
154s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40364d01c669fec853b9aae03344ab0e.exe
Size

1.6MB
MD5

40364d01c669fec853b9aae03344ab0e
SHA1

4b90f3bd2237f8ca32ade818c6019be6c75f4182
SHA256

1b17cbb75b5fc4b746761e0ba24ecd78084eaf885208f4d6d42170d081a0b8d4
SHA512

14a76763794fa4d085aaa003e4e9dfc15f9ef6b2b7521caf514c65080cfc67324f754a5176b42cdb6f8b1d12a2e4685ee30c533b6073884e05db26384e2aa402
SSDEEP

24576:Eb5kSYaLTVlwfmnAwYW4Qogjc7u0RkUsrS6p7Vb3hvhpmTChf6dnPhYnc0wa+cgE:Eb5k2L5KoAwUwc7u01GZVbxKCAPfU

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
740	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5112	40364d01c669fec853b9aae03344ab0e.exe
5112	40364d01c669fec853b9aae03344ab0e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5112	40364d01c669fec853b9aae03344ab0e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2164	5112	40364d01c669fec853b9aae03344ab0e.exe	88
PID 5112 wrote to memory of 2164	5112	40364d01c669fec853b9aae03344ab0e.exe	88
PID 2164 wrote to memory of 740	2164	cmd.exe	90
PID 2164 wrote to memory of 740	2164	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\40364d01c669fec853b9aae03344ab0e.exe
"C:\Users\Admin\AppData\Local\Temp\40364d01c669fec853b9aae03344ab0e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\40364d01c669fec853b9aae03344ab0e.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads