Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/03/2024, 13:08

General

  • Target

    df3f7515ba95a49717a2c88bdabfa025.exe

  • Size

    488KB

  • MD5

    df3f7515ba95a49717a2c88bdabfa025

  • SHA1

    3d8a769f9701e3e35931a1ec5c72602af948154b

  • SHA256

    ce5fde2961fc18f3d14bccdb4f02ff798df90670c52b415d2fe1d8d94a9d3701

  • SHA512

    bbd2a22708dd75d32c894a1d111ad5a2939445d5aac7d75f3d748248b6836c3506e133934829ad1aad37276a63e5e9495b5c187c928db4afefa21417c4a03f71

  • SSDEEP

    12288:FytbV3kSoXaLnToslQgvQqkXclgZ3bp9SM9M3nDu+S:Eb5kSYaLTVlQAQTXPZriM94il

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df3f7515ba95a49717a2c88bdabfa025.exe
    "C:\Users\Admin\AppData\Local\Temp\df3f7515ba95a49717a2c88bdabfa025.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4344
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\df3f7515ba95a49717a2c88bdabfa025.exe"
      • Suspicious use of WriteProcessMemory
      PID:552
      • C:\Windows\system32\PING.EXE
        ping 1.1.1.1 -n 1 -w 6000
        • Runs ping.exe
        PID:4120

Network

        MITRE ATT&CK Enterprise v15
