Analysis
max time kernel
92s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted
27-07-2024 01:54
Static task
static1
Behavioral task
behavioral1
Sample
7d8ae6ec50170ce100b3888c20b090b0N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
7d8ae6ec50170ce100b3888c20b090b0N.exe
Resource
win10v2004-20240709-en
General
Target
7d8ae6ec50170ce100b3888c20b090b0N.exe
Size
666KB
MD5
7d8ae6ec50170ce100b3888c20b090b0
SHA1
82b3757da86eefa27cd77723080b9cf2c2c11d32
SHA256
4ed271a26862c4672c106efdcd0912babd51e0cd779775b4c283d5674c904009
SHA512
7f2fd5ce447e9e5f0ca2a02ab1eae6323d68e57b65ccd36b4cb95ecc29f5d77ed68f2ca72a4e7f715985bfc65953c6ccb93b4ff0dc89b54e8f2d9bd3c41d169c
SSDEEP
12288:7ytbV3kSoXaLnToslldQ/xJNnEGo0dXB/VeDhGXP4XLexTa9W:6b5kSYaLTVllW/xQGRXBNSI/2ed5
Malware Config
Signatures
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
Processes:
pid   process
3288  cmd.exe
456   PING.EXE

Runs ping.exe 1 TTPs 1 IoCs

Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid   process
2408  7d8ae6ec50170ce100b3888c20b090b0N.exe
2408  7d8ae6ec50170ce100b3888c20b090b0N.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description              pid   process
Token: SeDebugPrivilege  2408  7d8ae6ec50170ce100b3888c20b090b0N.exe

Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description                       pid   process                                target process
PID 2408 wrote to memory of 3288  2408  7d8ae6ec50170ce100b3888c20b090b0N.exe  cmd.exe
PID 2408 wrote to memory of 3288  2408  7d8ae6ec50170ce100b3888c20b090b0N.exe  cmd.exe
PID 3288 wrote to memory of 456   3288  cmd.exe                                PING.EXE
PID 3288 wrote to memory of 456   3288  cmd.exe                                PING.EXE

Processes
[1] C:\Users\Admin\AppData\Local\Temp\7d8ae6ec50170ce100b3888c20b090b0N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\7d8ae6ec50170ce100b3888c20b090b0N.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
[2] C:\Windows\SYSTEM32\cmd.exe
Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\7d8ae6ec50170ce100b3888c20b090b0N.exe"
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
[3] C:\Windows\system32\PING.EXE
Command line: ping 1.1.1.1 -n 1 -w 6000
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe