Analysis

  • max time kernel
    118s
  • max time network
    130s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23/07/2024, 23:44

General

  • Target

    client.exe

  • Size

    38.4MB

  • MD5

    ffa07d0a1be42d9fddb89850690e62b8

  • SHA1

    f8d2ff1e8ada2c903b2fcf575e916c6d92623943

  • SHA256

    d438cbb750c8ebc05e44a7643fbee10dc97aa1ae62f225db09771cfdd2242c55

  • SHA512

    1e5111c1b504d85d6bfb3a1b3677017d244512dc11011189e6eb0ce86f84b7b38c2e10ea8306af8b171813da9b66979cf49757b9f6d4d407c104ab5c8d4859c7

  • SSDEEP

    393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfR:fMguj8Q4Vfv8qFTrY7

Score
3/10

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\client.exe
    "C:\Users\Admin\AppData\Local\Temp\client.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "curl"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Windows\system32\curl.exe
        curl
        3⤵
        PID:5020
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "curl ipcheck.info"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5016
      • C:\Windows\system32\curl.exe
        curl ipcheck.info
        3⤵
        PID:3016
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "curl ipcheck.info"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Windows\system32\curl.exe
        curl ipcheck.info
        3⤵
        PID:3056
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "ping"
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3128
      • C:\Windows\system32\PING.EXE
        ping
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2296
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "szacun"
      2⤵
      PID:2840
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "start google.com"
      2⤵
      PID:1540
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "start google"
      2⤵
      PID:3924
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "start ps.exe"
      2⤵
      PID:4844
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "start cmd"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\system32\cmd.exe
        cmd
        3⤵
        PID:1816
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "start cmd && ping google.com"
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Windows\system32\cmd.exe
        cmd
        3⤵
        PID:4592
      • C:\Windows\system32\PING.EXE
        ping google.com
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2880

Network

MITRE ATT&CK Enterprise v15

Downloads