Overview

overview

4

Static

static

4

PingCastle....1.zip

windows7-x64

1

PingCastle....1.zip

windows10-2004-x64

1

Active Dir....4.pdf

windows7-x64

1

Active Dir....4.pdf

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

PingCastle v3.0.0.pdf

windows7-x64

1

PingCastle v3.0.0.pdf

windows10-2004-x64

1

PingCastle.exe

windows7-x64

1

PingCastle.exe

windows10-2004-x64

1

PingCastle.exe.xml

windows7-x64

1

PingCastle.exe.xml

windows10-2004-x64

1

PingCastle.pdb

windows7-x64

3

PingCastle.pdb

windows10-2004-x64

3

PingCastle...er.exe

windows7-x64

1

PingCastle...er.exe

windows10-2004-x64

1

PingCastle...xe.xml

windows7-x64

1

PingCastle...xe.xml

windows10-2004-x64

1

PingCastle...er.pdb

windows7-x64

3

PingCastle...er.pdb

windows10-2004-x64

3

changelog.txt

windows7-x64

1

changelog.txt

windows10-2004-x64

1

license.rtf

windows7-x64

4

license.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2024 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PingCastle.pdb

  • Size

    2.8MB

  • MD5

    8043e887074434e6516b4c524f582821

  • SHA1

    a9f85694140148ca1f4a6288c678dbbf4c13c5dd

  • SHA256

    abdf1b3c68f3d2933e08e6138357cc1f921246cc4a20801511188e6598731084

  • SHA512

    fa00495c221a0ce8a2a72384dfaa74c751e936eb048b0eaf0bb99ded5e839cc00ceeac0fe60b7810528caebd52f69398348cf313ea860d8416f88d4781dda30c

  • SSDEEP

    12288:tZDF1+TYvuvJU0axYFSlB4R5WWuWb58sZ2Gj2LBNF4PtJb13372HwbOHhn/Hg4up:t5TtKBaxYFSb05AVBNF41Jbx2yOH5/S

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PingCastle.pdb
    1⤵
    • Modifies registry class
    PID:4208
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads