13c0b4df7f3247aaa00a2a3525e858642feca796109f6941fc61ca21f17a3666

Analysis

max time kernel
151s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c36b1441efc1e106b116dfa1f428cc41.exe
Size

316KB
MD5

c36b1441efc1e106b116dfa1f428cc41
SHA1

2fad47d9b780f556752d4d42c80973138634176c
SHA256

13c0b4df7f3247aaa00a2a3525e858642feca796109f6941fc61ca21f17a3666
SHA512

3f31eab90ffe7b77b4de9fd3f175f6bdc89d00d040339447557c6192d1b228aa5fb33a5e4bbdcd0473848834a78a2948d9ec3a381baa8aa9b94a8fc555034bb5
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEWdLM6s:FytbV3kSoXaLnToslQ9

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4004	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
412	c36b1441efc1e106b116dfa1f428cc41.exe
412	c36b1441efc1e106b116dfa1f428cc41.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	412	c36b1441efc1e106b116dfa1f428cc41.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 948	412	c36b1441efc1e106b116dfa1f428cc41.exe	96
PID 412 wrote to memory of 948	412	c36b1441efc1e106b116dfa1f428cc41.exe	96
PID 948 wrote to memory of 4004	948	cmd.exe	98
PID 948 wrote to memory of 4004	948	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\c36b1441efc1e106b116dfa1f428cc41.exe
"C:\Users\Admin\AppData\Local\Temp\c36b1441efc1e106b116dfa1f428cc41.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:412
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\c36b1441efc1e106b116dfa1f428cc41.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...