89240611c25f9683f1c837b668a2db12c43ed8503b58f6af87c161bb7fd6fc3c

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e845b930678b0610feb634544df6840.exe
Size

316KB
MD5

7e845b930678b0610feb634544df6840
SHA1

ece1fd236d811ff1d10a09444bd1d012f2fc6106
SHA256

89240611c25f9683f1c837b668a2db12c43ed8503b58f6af87c161bb7fd6fc3c
SHA512

ec96b388608b933e3be61c13277c0cc3085497625a52f7b581a6dc061c7ecb4a46a2b0214efdc23350773d254875a683493fb8f0d3152606513e2be6fbe12a55
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEzljWLhT:FytbV3kSoXaLnToslKljWFT

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3752	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4980	7e845b930678b0610feb634544df6840.exe
4980	7e845b930678b0610feb634544df6840.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4980	7e845b930678b0610feb634544df6840.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 828	4980	7e845b930678b0610feb634544df6840.exe	84
PID 4980 wrote to memory of 828	4980	7e845b930678b0610feb634544df6840.exe	84
PID 828 wrote to memory of 3752	828	cmd.exe	86
PID 828 wrote to memory of 3752	828	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\7e845b930678b0610feb634544df6840.exe
"C:\Users\Admin\AppData\Local\Temp\7e845b930678b0610feb634544df6840.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7e845b930678b0610feb634544df6840.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:828
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads