733aa0f698ea17f42e1ae6208e0fe5b37790977c456929f5b9b9351814165df2

Analysis

max time kernel
30s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IP_Pinger_by_HDR.exe
Size

5.2MB
MD5

31fe71fe2fe9ee4de12e9713093ccc12
SHA1

166d4a55af28e88360e505a589a697eb0d4fd4b8
SHA256

733aa0f698ea17f42e1ae6208e0fe5b37790977c456929f5b9b9351814165df2
SHA512

20ff2eadfa91b1b4b4862c82c8513a04720521824fe090efccf94dc2e6b8642511411a453d9697ebe1a3f8e05a180f64907780fd10920d1fdbb020545c765177
SSDEEP

98304:n58QEHEhmrHQktlw2Kce26t+JhVWn2xxjsAIzstaIy3y75RNNENQ:n5zW3tlKXqXWnA3Iz8aPsN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
872	IP_Pinger_by_HDR.exe
872	IP_Pinger_by_HDR.exe
872	IP_Pinger_by_HDR.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3680	PING.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	872	IP_Pinger_by_HDR.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 872	4408	IP_Pinger_by_HDR.exe	84
PID 4408 wrote to memory of 872	4408	IP_Pinger_by_HDR.exe	84
PID 872 wrote to memory of 4892	872	IP_Pinger_by_HDR.exe	85
PID 872 wrote to memory of 4892	872	IP_Pinger_by_HDR.exe	85
PID 872 wrote to memory of 2076	872	IP_Pinger_by_HDR.exe	86
PID 872 wrote to memory of 2076	872	IP_Pinger_by_HDR.exe	86
PID 872 wrote to memory of 380	872	IP_Pinger_by_HDR.exe	95
PID 872 wrote to memory of 380	872	IP_Pinger_by_HDR.exe	95
PID 380 wrote to memory of 3680	380	cmd.exe	96
PID 380 wrote to memory of 3680	380	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe
"C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe
  "C:\Users\Admin\AppData\Local\Temp\IP_Pinger_by_HDR.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Hydra Pinger
    3⤵
    PID:2076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ping 34.345.543 -t
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:380
  - - C:\Windows\system32\PING.EXE
      ping 34.345.543 -t
      4⤵
      Runs ping.exe
      PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI44082\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44082\_ctypes.pyd

Filesize
129KB

MD5
2f21f50d2252e3083555a724ca57b71e

SHA1
49ec351d569a466284b8cc55ee9aeaf3fbf20099

SHA256
09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce

SHA512
e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44082\base_library.zip

Filesize
766KB

MD5
c7f6b1e71737274de654099f1a483896

SHA1
6cf5965a8efb64443dc654c6b9953eacb314daca

SHA256
d982c24bbc242b3cc0094ee3685fba79297f3893d354293d4c33ccfd431dfb1d

SHA512
3b196ecb376f02b900b581d98d347d22d89d34b502a46770493663e48f9d7eee4b42acb16181b441026ae1634638faa14e4ebd814e05ccaf2b965aa2a5b5179c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44082\python37.dll

Filesize
3.7MB

MD5
62125a78b9be5ac58c3b55413f085028

SHA1
46c643f70dd3b3e82ab4a5d1bc979946039e35b2

SHA256
17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f

SHA512
e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

Download Submit