1f6fe175467b2b14410b2563bf105eddbd6436be3959e34cb303511d1c4082d3

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 02:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

85ba272156bbe1963f0456ce772868aa.exe
Size

544KB
MD5

85ba272156bbe1963f0456ce772868aa
SHA1

aed1b87679516b82813e44eb15b55f316b602b91
SHA256

1f6fe175467b2b14410b2563bf105eddbd6436be3959e34cb303511d1c4082d3
SHA512

52884f606e70551f0f7c3305c3101f6aa06d6dae5bf837734e14ab91de6b91fdc8c0ab76c804a7c0a9e5204416eb8fba75f7f9c6ba96f61a3af44af1ff547384
SSDEEP

12288:FytbV3kSoXaLnToslQPzB298C0zTOjYr1Qga:Eb5kSYaLTVlezB2qzen

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2236	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3668	85ba272156bbe1963f0456ce772868aa.exe
3668	85ba272156bbe1963f0456ce772868aa.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3668	85ba272156bbe1963f0456ce772868aa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3864	3668	85ba272156bbe1963f0456ce772868aa.exe	85
PID 3668 wrote to memory of 3864	3668	85ba272156bbe1963f0456ce772868aa.exe	85
PID 3864 wrote to memory of 2236	3864	cmd.exe	87
PID 3864 wrote to memory of 2236	3864	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\85ba272156bbe1963f0456ce772868aa.exe
"C:\Users\Admin\AppData\Local\Temp\85ba272156bbe1963f0456ce772868aa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\85ba272156bbe1963f0456ce772868aa.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3864
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads