7e17575b7e8c9b1622b1215761ac5979fe75a145e2ee15d1572d2d91e20402c2

Analysis

max time kernel
146s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a265dff281036bd8cbba8a55566f584e.exe
Size

316KB
MD5

a265dff281036bd8cbba8a55566f584e
SHA1

1afe3fb0f8b7258530b0c0dfa4d3dd37debc6f4f
SHA256

7e17575b7e8c9b1622b1215761ac5979fe75a145e2ee15d1572d2d91e20402c2
SHA512

ec6b3c6bfd125804ef8e947421c9115a8bffd3aa4bc4a935604662875e8c74784cc3e812f5d97b77e9751a2829f50a0f643c9ab8d0736b39c763b56d21c1ac8c
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiE/uy5NIv1zPF:FytbV3kSoXaLnTosl4uynIv9t

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3468	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4868	a265dff281036bd8cbba8a55566f584e.exe
4868	a265dff281036bd8cbba8a55566f584e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4868	a265dff281036bd8cbba8a55566f584e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3052	4868	a265dff281036bd8cbba8a55566f584e.exe	89
PID 4868 wrote to memory of 3052	4868	a265dff281036bd8cbba8a55566f584e.exe	89
PID 3052 wrote to memory of 3468	3052	cmd.exe	91
PID 3052 wrote to memory of 3468	3052	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\a265dff281036bd8cbba8a55566f584e.exe
"C:\Users\Admin\AppData\Local\Temp\a265dff281036bd8cbba8a55566f584e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a265dff281036bd8cbba8a55566f584e.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads