72fcb4d3827f210060f8d01790e6b7c2f9f85c026cc6f665679fc63609283381

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63ab2268b347702b410408b97c589fea.exe
Size

644KB
MD5

63ab2268b347702b410408b97c589fea
SHA1

c6ec0aebd971e8c9bff5c131c57cca9fa489d0d2
SHA256

72fcb4d3827f210060f8d01790e6b7c2f9f85c026cc6f665679fc63609283381
SHA512

16801cd22c7c1251e1a4d64b64663385f26fd0a344f2db98855bcac94be55c0da12e85b9debadc5c37d7a934206cbb25f2f66cde55e9f6a388f42f75fd87eda3
SSDEEP

12288:FytbV3kSoXaLnToslE/X8n50Lfq2Ohq0I/3xrFrvLamTDCzJl:Eb5kSYaLTVlEk50W78/35FHbDCzT

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
972	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4472	63ab2268b347702b410408b97c589fea.exe
4472	63ab2268b347702b410408b97c589fea.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4472	63ab2268b347702b410408b97c589fea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 2096	4472	63ab2268b347702b410408b97c589fea.exe	85
PID 4472 wrote to memory of 2096	4472	63ab2268b347702b410408b97c589fea.exe	85
PID 2096 wrote to memory of 972	2096	cmd.exe	87
PID 2096 wrote to memory of 972	2096	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\63ab2268b347702b410408b97c589fea.exe
"C:\Users\Admin\AppData\Local\Temp\63ab2268b347702b410408b97c589fea.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\63ab2268b347702b410408b97c589fea.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads