394ad018805bbf15b129fe29cccf897628c06a0b80289dcc9112930395135142

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2024 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fa9c19e63521249735cbf526e736c38.exe
Size

5.2MB
MD5

7fa9c19e63521249735cbf526e736c38
SHA1

9415790c5eb403f5261feb17908a70c35ed7fd24
SHA256

394ad018805bbf15b129fe29cccf897628c06a0b80289dcc9112930395135142
SHA512

f6d6580c7a4921ecab9aaa2d7a6025ccfaf6eedfad4760342f671760f2b8603643bda49dbc983ca1432e31dc1781529f1c5891a191161501ab3376bb143af5b7
SSDEEP

98304:EmCO55PSDXenY0SDnAOMjX8rWr3WkgBSsM4aazHd5VbSkqNXjo:Emj5+znARjX8SiDMZ2Hd3eNE

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4784	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1384	7fa9c19e63521249735cbf526e736c38.exe
1384	7fa9c19e63521249735cbf526e736c38.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1384	7fa9c19e63521249735cbf526e736c38.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 416	1384	7fa9c19e63521249735cbf526e736c38.exe	86
PID 1384 wrote to memory of 416	1384	7fa9c19e63521249735cbf526e736c38.exe	86
PID 416 wrote to memory of 4784	416	cmd.exe	87
PID 416 wrote to memory of 4784	416	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\7fa9c19e63521249735cbf526e736c38.exe
"C:\Users\Admin\AppData\Local\Temp\7fa9c19e63521249735cbf526e736c38.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7fa9c19e63521249735cbf526e736c38.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:416
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads