e88179359f5b085992cc440b6dac2614998a1afeb9d0302896fd058644766af2

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57e3e47087f308350373067fcee29d3.exe
Size

544KB
MD5

b57e3e47087f308350373067fcee29d3
SHA1

9661637d00d74017ffc4f25186703795446bcc40
SHA256

e88179359f5b085992cc440b6dac2614998a1afeb9d0302896fd058644766af2
SHA512

55cfd82f2ceaa70c9db0dd15df560485d27cb6e7d4f2143264e0c26b799c4646c6296bd2946789dcacdc84a5bba4ae5e414df262814d5497e462c55901bd10ac
SSDEEP

12288:FytbV3kSoXaLnToslHHl9ShYMJLY8XxhbshTaNs:Eb5kSYaLTVlnahYl80Tay

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4432	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4932	b57e3e47087f308350373067fcee29d3.exe
4932	b57e3e47087f308350373067fcee29d3.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4932	b57e3e47087f308350373067fcee29d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 2304	4932	b57e3e47087f308350373067fcee29d3.exe	95
PID 4932 wrote to memory of 2304	4932	b57e3e47087f308350373067fcee29d3.exe	95
PID 2304 wrote to memory of 4432	2304	cmd.exe	97
PID 2304 wrote to memory of 4432	2304	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\b57e3e47087f308350373067fcee29d3.exe
"C:\Users\Admin\AppData\Local\Temp\b57e3e47087f308350373067fcee29d3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\b57e3e47087f308350373067fcee29d3.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads