21fed1f5458197bfcac9b920da16be506bdea565bf1d7caa54490614c39b6368

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c379fd85e07e485b3e8a966fc49042c1.exe
Size

458KB
MD5

c379fd85e07e485b3e8a966fc49042c1
SHA1

1531890ab35ff937388dd1bbce5cff026c87bb08
SHA256

21fed1f5458197bfcac9b920da16be506bdea565bf1d7caa54490614c39b6368
SHA512

1a8da002fe52870441b2940f6c0be269f1647424cbb97472bfd4fe59c55b2d964d55015d5e7b9f0f65c1fd03b65cd6286735310d01e71424ea53cacf88a6e787
SSDEEP

6144:AJ6VANOasIMiWxBdMt3VcOmHiMGyWbeSXR7e80sYfM4L:AcObyByt3VEgFevL

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
876	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 1136	3808	c379fd85e07e485b3e8a966fc49042c1.exe	97
PID 3808 wrote to memory of 1136	3808	c379fd85e07e485b3e8a966fc49042c1.exe	97
PID 3808 wrote to memory of 1136	3808	c379fd85e07e485b3e8a966fc49042c1.exe	97
PID 1136 wrote to memory of 876	1136	cmd.exe	99
PID 1136 wrote to memory of 876	1136	cmd.exe	99
PID 1136 wrote to memory of 876	1136	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\c379fd85e07e485b3e8a966fc49042c1.exe
"C:\Users\Admin\AppData\Local\Temp\c379fd85e07e485b3e8a966fc49042c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\c379fd85e07e485b3e8a966fc49042c1.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1136
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3808-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3808-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3808-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3808-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download