890a271ec0d9d6f5fc5cb64985b24b05396179b289015b4d44fd7133f2318042

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cf0d57d0f668809b0ffa2b77aa0bb60.exe
Size

488KB
MD5

8cf0d57d0f668809b0ffa2b77aa0bb60
SHA1

188910b9305b39b3229f2c53027ade485eb848f4
SHA256

890a271ec0d9d6f5fc5cb64985b24b05396179b289015b4d44fd7133f2318042
SHA512

86d5e0c220d94784ef13883479d3d7f025dc3c88afe52d8fba795e02081bc2691c8e09bb466cb5731c3ee1670982290c462637ba6d5bbc805b6b1ceb35364d24
SSDEEP

12288:FytbV3kSoXaLnToslBigJoWVghfzWcit1BBrBB1ksw8:Eb5kSYaLTVlBigObMtHB1c8

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3628	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1332	8cf0d57d0f668809b0ffa2b77aa0bb60.exe
1332	8cf0d57d0f668809b0ffa2b77aa0bb60.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1332	8cf0d57d0f668809b0ffa2b77aa0bb60.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2644	1332	8cf0d57d0f668809b0ffa2b77aa0bb60.exe	84
PID 1332 wrote to memory of 2644	1332	8cf0d57d0f668809b0ffa2b77aa0bb60.exe	84
PID 2644 wrote to memory of 3628	2644	cmd.exe	86
PID 2644 wrote to memory of 3628	2644	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\8cf0d57d0f668809b0ffa2b77aa0bb60.exe
"C:\Users\Admin\AppData\Local\Temp\8cf0d57d0f668809b0ffa2b77aa0bb60.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\8cf0d57d0f668809b0ffa2b77aa0bb60.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads