Overview

overview

3

Static

static

3

AnDDoS.exe

windows10-2004-x64

3

AnDDoS.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    59s
  • max time network
    33s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/09/2024, 02:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnDDoS.exe

  • Size

    522KB

  • MD5

    d027869ca68b6df09e2fe721a1acb994

  • SHA1

    d50ea5e2ab1b5b9362f010248328b19a5a395dfe

  • SHA256

    0cad6aa35e8bc5c0148fd17b3ebb3477175520cd6bf32fcde9ab19ca03425a29

  • SHA512

    8890d7ac227a7a8368a71a84797916521886d58de69c78ecccea82ec357f33930b28ac215905ee926b2d9f93808ff72d37cd600511eab1c4e16b9140891601a5

  • SSDEEP

    12288:cCga6BJor4hQMdhwS9XVCga6BJor4hQMdhwS9Xm:cCga6BJe4q6JlCga6BJe4q6J2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 42 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnDDoS.exe
    "C:\Users\Admin\AppData\Local\Temp\AnDDoS.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3164
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:3484
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2256
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:236
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • Runs ping.exe
        PID:1104
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1872
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2160
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:4964
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:3960
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:4452
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2000
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:4840
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2020
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:4684
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2080
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3788
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • Runs ping.exe
        PID:4216
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:1380
      • C:\Windows\SysWOW64\PING.EXE
        ping https://bigrat.monster -t
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:848
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /k ping https://bigrat.monster -t
      2⤵
        PID:3684
        • C:\Windows\SysWOW64\PING.EXE
          ping https://bigrat.monster -t
          3⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3508
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /k ping https://bigrat.monster -t
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:3612
        • C:\Windows\SysWOW64\PING.EXE
          ping https://bigrat.monster -t
          3⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2820
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /k ping https://bigrat.monster -t
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:4256
        • C:\Windows\SysWOW64\PING.EXE
          ping https://bigrat.monster -t
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1668
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /k ping https://bigrat.monster -t
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:5112
        • C:\Windows\SysWOW64\PING.EXE
          ping https://bigrat.monster -t
          3⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2164
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /k ping https://bigrat.monster -t
        2⤵
          PID:4736
          • C:\Windows\SysWOW64\PING.EXE
            ping https://bigrat.monster -t
            3⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:4672
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /k ping https://bigrat.monster -t
          2⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:4740
          • C:\Windows\SysWOW64\PING.EXE
            ping https://bigrat.monster -t
            3⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:3716
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /k ping https://bigrat.monster -t
          2⤵
            PID:1008
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • Runs ping.exe
              PID:1520
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:556
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:3448
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:1192
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • Runs ping.exe
              PID:3772
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:3936
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:2516
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2372
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:4892
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            PID:4628
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:4016
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            PID:1972
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:3020
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:3368
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • Runs ping.exe
              PID:4112
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:3948
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:2256
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:1176
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • Runs ping.exe
              PID:3984
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:3472
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:3960
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:3752
            • C:\Windows\SysWOW64\PING.EXE
              ping https://bigrat.monster -t
              3⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:3212
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /k ping https://bigrat.monster -t
            2⤵
              PID:2440
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2192
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:876
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • Runs ping.exe
                PID:2932
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:3508
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4788
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:3744
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4364
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:4092
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4672
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:2040
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4444
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              PID:1640
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4580
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:2516
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1616
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:1208
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4968
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              PID:3192
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1628
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:4996
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • Runs ping.exe
                PID:1000
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              PID:3172
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:4476
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /k ping https://bigrat.monster -t
              2⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:1528
              • C:\Windows\SysWOW64\PING.EXE
                ping https://bigrat.monster -t
                3⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3428

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2672-0-0x00000000747EE000-0x00000000747EF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2672-1-0x0000000000560000-0x00000000005EA000-memory.dmp

            Filesize

            552KB

            Download

          • memory/2672-2-0x0000000004F40000-0x0000000004FDC000-memory.dmp

            Filesize

            624KB

            Download

          • memory/2672-3-0x0000000005590000-0x0000000005B36000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/2672-4-0x0000000005080000-0x0000000005112000-memory.dmp

            Filesize

            584KB

            Download

          • memory/2672-5-0x0000000004FF0000-0x0000000004FFA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2672-6-0x00000000747E0000-0x0000000074F91000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/2672-7-0x0000000005210000-0x0000000005266000-memory.dmp

            Filesize

            344KB

            Download

          • memory/2672-8-0x00000000747E0000-0x0000000074F91000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/2672-9-0x00000000747EE000-0x00000000747EF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2672-10-0x00000000747E0000-0x0000000074F91000-memory.dmp

            Filesize

            7.7MB

            Download