842bb0bfc840410cb14271fb59c12c65aaaa9f2955015935e99153424c83696d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Universal_Launcher.exe
Size

127KB
MD5

ce63909b34ad8b4cc082766ce23e1f9c
SHA1

1005ca224a90549e5b9a91376d368cb1fd14f0d7
SHA256

842bb0bfc840410cb14271fb59c12c65aaaa9f2955015935e99153424c83696d
SHA512

edf5275d0bca175e8c4b6d14cef4e40e9b61174b46335df0213d95d14f4f708f0234f52e5196e1efce8632d454e237ff7accc407372be416bd9b5b8e9e15d7c8
SSDEEP

3072:E/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSNh2du:ntzsb5Uh28+V1WW69B9VjMdxPedN9ugl

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2932	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 1664	4428	Universal_Launcher.exe	83
PID 4428 wrote to memory of 1664	4428	Universal_Launcher.exe	83
PID 1664 wrote to memory of 3592	1664	cmd.exe	84
PID 1664 wrote to memory of 3592	1664	cmd.exe	84
PID 1664 wrote to memory of 2932	1664	cmd.exe	94
PID 1664 wrote to memory of 2932	1664	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\Universal_Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Universal_Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2F6C.tmp\2F6D.tmp\2F6E.bat C:\Users\Admin\AppData\Local\Temp\Universal_Launcher.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Windows\system32\mode.com
    mode 120,30
    3⤵
    PID:3592
- - C:\Windows\system32\PING.EXE
    ping localhost -n 5
    3⤵
    - Runs ping.exe
    PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2F6C.tmp\2F6D.tmp\2F6E.bat

Filesize
704B

MD5
958c99e874b4d7d92abf334bab5f7e81

SHA1
6faaab0235034ba2da29147eda36bda9fb7039b3

SHA256
fd2fd57a7633bd8b9f7dd644baac28092ae2a4eafbef906f44af7f681e53b4c4

SHA512
eb578bec5a217eda7138040799affa338aad5b574abc0bc8c938fd1dc750057813934f16c1f241a440a6fe08e0f51011d3fb375f97ed659a6e581331043cf33d

Download Submit