Analysis

  • max time kernel
    136s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-07-2024 00:40

General

  • Target

    Bypass.exe

  • Size

    154KB

  • MD5

    6f8d337edc954a1f9cc605fed3cfc665

  • SHA1

    fb11e670fc612fc92ba92358d5a4d9918295c3f2

  • SHA256

    bdb8559a8f3e77711f0bcf32d2a7af6d2b1559011c1700e8431296ea8d13dda3

  • SHA512

    df1206840f3e08e9528146e4758e0ea3fd59023b6907f8658a195e60e249b26dbca93fcc500199e95d28481cd45dc0519c976357ee0c849efa9e058b68460cc4

  • SSDEEP

    3072:tahKyd2n3115GWp1icKAArDZz4N9GhbkrNEk1pT:tahOBp0yN90QEe

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 9 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs net.exe
  • Runs ping.exe 1 TTPs 9 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bypass.exe
    "C:\Users\Admin\AppData\Local\Temp\Bypass.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3976
    • C:\Windows\SYSTEM32\cmd.exe
      cmd /c "Bypass.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3224
      • C:\Windows\system32\net.exe
        net session
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1732
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 session
          4⤵
            PID:2800
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3940
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:376
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1976
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1740
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4572
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1768
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4576
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2648
        • C:\Windows\system32\PING.EXE
          ping -n 2 localhost
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3564
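The tree above is a batch-file stager: a dropper in %TEMP% launches cmd.exe on Bypass.bat (extracted to IXP000.TMP, the directory name used by IExpress/wextract self-extracting packages), the batch file runs `net session` (which fails with "Access is denied" unless the shell is elevated, so it is a common "am I admin?" check) and then loops on `ping -n 2 localhost`, the classic batch-file sleep. The "Internet Connection Discovery" signature fired on the pings is therefore a misclassification here; nothing reaches the network. The following detection logic, added as an example and not part of the report, parses constructed Sysmon-style process-creation events that mirror the PIDs and command lines shown in the tree (the explorer.exe parent of Bypass.exe and the benign comparison tree are assumptions) and flags a cmd.exe that runs a batch file from a user-writable dropper location with either of those two tells:

```python
"""Flag the batch-stager pattern from the report's process tree.
Sample events are constructed to mirror the report, not captured logs."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events mirroring the report's tree (PIDs and command lines as
# shown there; the explorer.exe parent of Bypass.exe is an assumption).
SAMPLE_EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(3976, 1000, r"C:\Users\Admin\AppData\Local\Temp\Bypass.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Bypass.exe"'),
    ProcEvent(3224, 3976, r"C:\Windows\SYSTEM32\cmd.exe", 'cmd /c "Bypass.bat"'),
    ProcEvent(1732, 3224, r"C:\Windows\system32\net.exe", "net session"),
    ProcEvent(2800, 1732, r"C:\Windows\system32\net1.exe",
              r"C:\Windows\system32\net1 session"),
] + [
    ProcEvent(pid, 3224, r"C:\Windows\system32\PING.EXE", "ping -n 2 localhost")
    for pid in (3940, 376, 1976, 1740, 4572, 1768, 4576, 2648, 3564)
]

# Constructed benign tree: an admin script in a normal location, one real ping.
BENIGN_EVENTS = [
    ProcEvent(500, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(501, 500, r"C:\Windows\System32\cmd.exe", r'cmd /c "C:\Scripts\health.bat"'),
    ProcEvent(502, 501, r"C:\Windows\system32\PING.EXE", "ping -n 1 fileserver"),
]

# Dropper locations a normal installer would not run batch files from.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Users\\Public|Downloads|ProgramData)\\", re.I)
BATCH_LAUNCH = re.compile(r"\.(bat|cmd)\b", re.I)
# `net session` needs an elevated token, so scripts use it as an admin probe.
ADMIN_CHECK = re.compile(r"\bsession\b", re.I)
# `ping -n <k> localhost` is the idiomatic batch-file sleep of roughly k-1 seconds.
PING_SLEEP = re.compile(r"-n\s+\d+.*\b(localhost|127\.0\.0\.1)\b", re.I)


def image_name(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def find_batch_stagers(events, min_pings: int = 3):
    """Return one finding per cmd.exe running a batch file from a dropper
    in a user-writable directory that also shows an admin check or a
    ping-sleep loop among its direct children."""
    by_pid = {e.pid: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e.ppid].append(e)

    findings = []
    for e in events:
        if image_name(e.image) != "cmd.exe" or not BATCH_LAUNCH.search(e.cmdline):
            continue
        parent = by_pid.get(e.ppid)
        dropper = bool(parent and USER_WRITABLE.search(parent.image))
        kids = children[e.pid]
        admin_check = any(image_name(c.image) == "net.exe" and ADMIN_CHECK.search(c.cmdline)
                          for c in kids)
        ping_sleeps = sum(1 for c in kids
                          if image_name(c.image) == "ping.exe" and PING_SLEEP.search(c.cmdline))
        if dropper and (admin_check or ping_sleeps >= min_pings):
            findings.append({
                "pid": e.pid,
                "cmdline": e.cmdline,
                "parent": parent.image,
                "admin_check": admin_check,
                "ping_sleeps": ping_sleeps,
            })
    return findings


if __name__ == "__main__":
    for f in find_batch_stagers(SAMPLE_EVENTS):
        print(f"stager cmd.exe pid={f['pid']} parent={f['parent']} "
              f"admin_check={f['admin_check']} ping_sleeps={f['ping_sleeps']}")
    print("benign findings:", find_batch_stagers(BENIGN_EVENTS))
```

Only direct children of the cmd.exe are inspected, so net1.exe (a child of net.exe) does not count twice, and the dropper-location test keeps a single `net session` in an administrator's own script from firing. Feed real Sysmon Event ID 1 records into the same ProcEvent shape to run this over a host.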

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Bypass.bat

      Filesize

      1KB

      MD5

      278331df65aa71c26721800defb48098

      SHA1

      28bbf8e4ef6e85bbd40612d0afa6528484d47443

      SHA256

      c3268d1ef6a27345fe0277727433a7214b27c1de05a2afbeffcea1109a111ca4

      SHA512

      526b5e1d0279280f28a7549aa7b786b5d643e450383aaebe4371fb808bd68cfa366e5700ed0c9fc7d4f96480ed8829e5af0bedac4218eaa3afbc6d53b8c18d05