c1e1bd733564a70f30b59bc7b8067bf47512d70d71c15b18f49b5bec2891cb44

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ping.exe
Size

4.9MB
MD5

48f8b3a6e6ab2951e5f972df408beffc
SHA1

9674eed0c3267c448a57ccd50025e588826a8ac2
SHA256

c1e1bd733564a70f30b59bc7b8067bf47512d70d71c15b18f49b5bec2891cb44
SHA512

ae0c735878a082b73a130208d290eee8273bd22a161bedd595913c7e4382e473c02ecbeb578fcc1aa8a7e946763fd746f77d25a10d40e2ca62314311e6c00140
SSDEEP

98304:gP9cvyVyGHAeBSut+aFNnLlPLeqNZ8hY/oKbxabdDkEduupRUWseRu4kGiJ:C9zlX+aFFLlPKQ8hY/ukRWshp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2876	ping.exe
2876	ping.exe
2876	ping.exe
2876	ping.exe
2876	ping.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
2920	ping.exe
2876	ping.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2876	2920	ping.exe	29
PID 2920 wrote to memory of 2876	2920	ping.exe	29
PID 2920 wrote to memory of 2876	2920	ping.exe	29
PID 2920 wrote to memory of 2876	2920	ping.exe	29

C:\Users\Admin\AppData\Local\Temp\ping.exe
"C:\Users\Admin\AppData\Local\Temp\ping.exe"
1⤵
- Runs ping.exe
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\ping.exe
  "C:\Users\Admin\AppData\Local\Temp\ping.exe"
  2⤵
  - Loads dropped DLL
  - Runs ping.exe
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29202\ping.exe.manifest

Filesize
1008B

MD5
e7b02512aad7ee752a28276e6dd9daf9

SHA1
8cb11762a7b54d89f698787d9b9372baf7b11f23

SHA256
f4b0fc5c1fe458525b8bf35b06476fa76ac7d6d5c8cc05a502252c09c1fc23f9

SHA512
c1b8fec38cda5bcbeb818ea4a0d0b3085d9605e72b1aa15dff5ae78d227b31e0e26a8aa0cf3a2bba2efcac7eaaa115ca0124e9096cbaa09ce410844b25d0f2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\python27.dll

Filesize
2.5MB

MD5
f5c5c0d5d9e93d6e8cb66b825cd06230

SHA1
da7be79dd502a89cf6f23476e5f661eebd89342b

SHA256
e3eed66221a6552d4b9ae7350b3dc30de238a6029efae060514d2780c02fedb4

SHA512
8a13b15884f8450396b8f18597dfe62f0e13e7ab524d95de5b7b0497a64e52f26b22f977803280b1916fc2b45c52a92ab501a6fb8ad86970d8326be72f735279

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29~1\_ssl.pyd

Filesize
1.3MB

MD5
9b59be1fa8427368c4e0e763f578d74c

SHA1
7287fe431a0a67aa41e9952906759746ddcffad1

SHA256
4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

SHA512
6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29~1\select.pyd

Filesize
10KB

MD5
efb6435cb9fb6462132181738c729885

SHA1
0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

SHA256
039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

SHA512
6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29~1\_ctypes.pyd

Filesize
89KB

MD5
9e6c48ec9508423d0ce6b6e4d4a10d90

SHA1
82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

SHA256
b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

SHA512
37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29~1\_socket.pyd

Filesize
45KB

MD5
600de8a82e2204e88df27714687f88b9

SHA1
dac20e0bf5482a6f09648648bc4d38562473c89e

SHA256
a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

SHA512
3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

Download Submit