543e6294f52af15f57f665d39efeeb943c3555ca62f9e0e1006619cd118da2e8

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7522d78479092bc6853565947f62ace9.exe
Size

528KB
MD5

7522d78479092bc6853565947f62ace9
SHA1

f6eaed590e7e25ccaa79b2f0dfd291399085f3fb
SHA256

543e6294f52af15f57f665d39efeeb943c3555ca62f9e0e1006619cd118da2e8
SHA512

c9707019e304f3063510af3308607b299add425006c4b8185a6579a1284f6055e464e13b949bcda80a280832e6ea2e1228e5f48ce112854185dcf7e8aed525ed
SSDEEP

12288:FytbV3kSoXaLnToslsWsl1ujw5iNZ4QYS8Kls88Dbar:Eb5kSYaLTVlsxdMZ4Qna8WU

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2140 cmd.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

1984 PING.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

7522d78479092bc6853565947f62ace9.exe

pid process

1632 7522d78479092bc6853565947f62ace9.exe
1632 7522d78479092bc6853565947f62ace9.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

7522d78479092bc6853565947f62ace9.exe

description pid process

Token: SeDebugPrivilege 1632 7522d78479092bc6853565947f62ace9.exe

pid	process
2140	cmd.exe

pid	process
1984	PING.EXE

pid	process
1632	7522d78479092bc6853565947f62ace9.exe
1632	7522d78479092bc6853565947f62ace9.exe

description	pid	process
Token: SeDebugPrivilege	1632	7522d78479092bc6853565947f62ace9.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

7522d78479092bc6853565947f62ace9.execmd.exe

description	pid	process	target process
PID 1632 wrote to memory of 2140	1632	7522d78479092bc6853565947f62ace9.exe	cmd.exe
PID 1632 wrote to memory of 2140	1632	7522d78479092bc6853565947f62ace9.exe	cmd.exe
PID 1632 wrote to memory of 2140	1632	7522d78479092bc6853565947f62ace9.exe	cmd.exe
PID 2140 wrote to memory of 1984	2140	cmd.exe	PING.EXE
PID 2140 wrote to memory of 1984	2140	cmd.exe	PING.EXE
PID 2140 wrote to memory of 1984	2140	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\7522d78479092bc6853565947f62ace9.exe
"C:\Users\Admin\AppData\Local\Temp\7522d78479092bc6853565947f62ace9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\system32\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7522d78479092bc6853565947f62ace9.exe"
2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:2140

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 6000
3⤵
- Runs ping.exe
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads