a069031bda71c1515975c9b24f1a137ccc091529b870437034bf87a3e26b4d65

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 03:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c4d98bf2f30a62f37731c9532e8d0374.exe
Size

316KB
MD5

c4d98bf2f30a62f37731c9532e8d0374
SHA1

9d5c7ee870025f62a8490a8c53e17d72133f5538
SHA256

a069031bda71c1515975c9b24f1a137ccc091529b870437034bf87a3e26b4d65
SHA512

93964435911452ca75269ddd57d9bd17f50a4af58a8c1079048c626f13867bb0285a7e223849ffe1efc930a129734533fc70e82ab498c7e42e4d20ef8baf1e4c
SSDEEP

6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEqGVs9TQhp6Ig7:FytbV3kSoXaLnToslZ9Tmp+7

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1960	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3040	c4d98bf2f30a62f37731c9532e8d0374.exe
3040	c4d98bf2f30a62f37731c9532e8d0374.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	c4d98bf2f30a62f37731c9532e8d0374.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 436	3040	c4d98bf2f30a62f37731c9532e8d0374.exe	88
PID 3040 wrote to memory of 436	3040	c4d98bf2f30a62f37731c9532e8d0374.exe	88
PID 436 wrote to memory of 1960	436	cmd.exe	91
PID 436 wrote to memory of 1960	436	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\c4d98bf2f30a62f37731c9532e8d0374.exe
"C:\Users\Admin\AppData\Local\Temp\c4d98bf2f30a62f37731c9532e8d0374.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\c4d98bf2f30a62f37731c9532e8d0374.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads