50e7838c9c35f8b7db4f5a50854ce2db4ed0d41158c9dfcea99550e4cddb5985

Analysis

max time kernel
78s
max time network
41s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rubin.bat
Size

688B
MD5

06d235f143a4794aec54c11d01470634
SHA1

3be2c7fe796f32644a586ac9928a1ea04753bb47
SHA256

50e7838c9c35f8b7db4f5a50854ce2db4ed0d41158c9dfcea99550e4cddb5985
SHA512

162ee337b03621db0b11281587fbbf64cd04809156b422aa118e50cdd052f3ef840c3d60cc46b5f6be0a94e9011ca050eb3dc2296559706c52292d11b7a494a4

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
2716	PING.EXE
2056	PING.EXE
2624	PING.EXE
2552	PING.EXE
2512	PING.EXE
1824	PING.EXE
2364	PING.EXE
2484	PING.EXE
3016	PING.EXE
2232	PING.EXE
2908	PING.EXE
2692	PING.EXE
2032	PING.EXE
2648	PING.EXE
2348	PING.EXE
2944	PING.EXE
2456	PING.EXE
2556	PING.EXE
2656	PING.EXE
956	PING.EXE
2044	PING.EXE
2276	PING.EXE
1436	PING.EXE
2256	PING.EXE
1816	PING.EXE
2904	PING.EXE
1652	PING.EXE
1552	PING.EXE
2804	PING.EXE
2028	PING.EXE
2500	PING.EXE
2216	PING.EXE
2716	PING.EXE
1168	PING.EXE
900	PING.EXE
2340	PING.EXE
2156	PING.EXE
1264	PING.EXE
1108	PING.EXE
2444	PING.EXE
2148	PING.EXE
2868	PING.EXE
1820	PING.EXE
2732	PING.EXE
1736	PING.EXE
1312	PING.EXE
2148	PING.EXE
652	PING.EXE
2816	PING.EXE
2892	PING.EXE
1652	PING.EXE
760	PING.EXE
2012	PING.EXE
2024	PING.EXE
2508	PING.EXE
1716	PING.EXE
2200	PING.EXE
1940	PING.EXE
2460	PING.EXE
1108	PING.EXE
2560	PING.EXE
2528	PING.EXE
760	PING.EXE
1636	PING.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2188	1720	cmd.exe	29
PID 1720 wrote to memory of 2188	1720	cmd.exe	29
PID 1720 wrote to memory of 2188	1720	cmd.exe	29
PID 1720 wrote to memory of 2372	1720	cmd.exe	30
PID 1720 wrote to memory of 2372	1720	cmd.exe	30
PID 1720 wrote to memory of 2372	1720	cmd.exe	30
PID 1720 wrote to memory of 2032	1720	cmd.exe	31
PID 1720 wrote to memory of 2032	1720	cmd.exe	31
PID 1720 wrote to memory of 2032	1720	cmd.exe	31
PID 1720 wrote to memory of 2552	1720	cmd.exe	32
PID 1720 wrote to memory of 2552	1720	cmd.exe	32
PID 1720 wrote to memory of 2552	1720	cmd.exe	32
PID 1720 wrote to memory of 2656	1720	cmd.exe	33
PID 1720 wrote to memory of 2656	1720	cmd.exe	33
PID 1720 wrote to memory of 2656	1720	cmd.exe	33
PID 1720 wrote to memory of 2648	1720	cmd.exe	34
PID 1720 wrote to memory of 2648	1720	cmd.exe	34
PID 1720 wrote to memory of 2648	1720	cmd.exe	34
PID 1720 wrote to memory of 2256	1720	cmd.exe	35
PID 1720 wrote to memory of 2256	1720	cmd.exe	35
PID 1720 wrote to memory of 2256	1720	cmd.exe	35
PID 1720 wrote to memory of 2028	1720	cmd.exe	36
PID 1720 wrote to memory of 2028	1720	cmd.exe	36
PID 1720 wrote to memory of 2028	1720	cmd.exe	36
PID 1720 wrote to memory of 2484	1720	cmd.exe	37
PID 1720 wrote to memory of 2484	1720	cmd.exe	37
PID 1720 wrote to memory of 2484	1720	cmd.exe	37
PID 1720 wrote to memory of 2500	1720	cmd.exe	38
PID 1720 wrote to memory of 2500	1720	cmd.exe	38
PID 1720 wrote to memory of 2500	1720	cmd.exe	38
PID 1720 wrote to memory of 2460	1720	cmd.exe	39
PID 1720 wrote to memory of 2460	1720	cmd.exe	39
PID 1720 wrote to memory of 2460	1720	cmd.exe	39
PID 1720 wrote to memory of 2512	1720	cmd.exe	40
PID 1720 wrote to memory of 2512	1720	cmd.exe	40
PID 1720 wrote to memory of 2512	1720	cmd.exe	40
PID 1720 wrote to memory of 2904	1720	cmd.exe	41
PID 1720 wrote to memory of 2904	1720	cmd.exe	41
PID 1720 wrote to memory of 2904	1720	cmd.exe	41
PID 1720 wrote to memory of 2908	1720	cmd.exe	42
PID 1720 wrote to memory of 2908	1720	cmd.exe	42
PID 1720 wrote to memory of 2908	1720	cmd.exe	42
PID 1720 wrote to memory of 1108	1720	cmd.exe	43
PID 1720 wrote to memory of 1108	1720	cmd.exe	43
PID 1720 wrote to memory of 1108	1720	cmd.exe	43
PID 1720 wrote to memory of 2796	1720	cmd.exe	44
PID 1720 wrote to memory of 2796	1720	cmd.exe	44
PID 1720 wrote to memory of 2796	1720	cmd.exe	44
PID 1720 wrote to memory of 3016	1720	cmd.exe	45
PID 1720 wrote to memory of 3016	1720	cmd.exe	45
PID 1720 wrote to memory of 3016	1720	cmd.exe	45
PID 1720 wrote to memory of 2156	1720	cmd.exe	46
PID 1720 wrote to memory of 2156	1720	cmd.exe	46
PID 1720 wrote to memory of 2156	1720	cmd.exe	46
PID 1720 wrote to memory of 2508	1720	cmd.exe	47
PID 1720 wrote to memory of 2508	1720	cmd.exe	47
PID 1720 wrote to memory of 2508	1720	cmd.exe	47
PID 1720 wrote to memory of 2716	1720	cmd.exe	48
PID 1720 wrote to memory of 2716	1720	cmd.exe	48
PID 1720 wrote to memory of 2716	1720	cmd.exe	48
PID 1720 wrote to memory of 1652	1720	cmd.exe	49
PID 1720 wrote to memory of 1652	1720	cmd.exe	49
PID 1720 wrote to memory of 1652	1720	cmd.exe	49
PID 1720 wrote to memory of 760	1720	cmd.exe	50

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Rubin.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\system32\ARP.EXE
  arp -a 192.168.1.1
  2⤵
  PID:2188
- C:\Windows\system32\find.exe
  find "dynamic"
  2⤵
  PID:2372
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2032
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2552
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2656
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2648
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2256
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2028
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2484
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2500
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2460
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2512
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2904
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2908
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1108
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2796
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:3016
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2156
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2508
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2716
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1652
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:760
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1628
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1824
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:560
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2732
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2012
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1552
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1504
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1312
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1264
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1168
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2148
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2112
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:900
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1816
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:956
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1140
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2216
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1716
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1668
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:652
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2868
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2056
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2044
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:612
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2348
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1820
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2200
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1736
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2944
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2584
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2804
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2816
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2560
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2624
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2456
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2504
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2232
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2064
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1940
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2908
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1108
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2892
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2556
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2276
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2528
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2716
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1652
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:760
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2444
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2692
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2364
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1516
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1636
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:1440
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:1436
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2024
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  PID:2440
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2340
- C:\Windows\system32\PING.EXE
  ping 192.168.1.1 -n 1 -w 1000
  2⤵
  - Runs ping.exe
  PID:2148

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...