ee65e6d5aac07c1aaae0ece686cfe4bafedc47e35e5361a92d10eaacf437d18b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/09/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

geekcatpingreducer.exe
Size

7.5MB
MD5

f8c63eca8b26883c30d2240008b07150
SHA1

ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51
SHA256

1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4
SHA512

8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70
SSDEEP

196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2848	geekcatpingreducer.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x0005000000019203-22.dat	upx

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2192	geekcatpingreducer.exe
2848	geekcatpingreducer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2848	2192	geekcatpingreducer.exe	30
PID 2192 wrote to memory of 2848	2192	geekcatpingreducer.exe	30
PID 2192 wrote to memory of 2848	2192	geekcatpingreducer.exe	30

C:\Users\Admin\AppData\Local\Temp\geekcatpingreducer.exe
"C:\Users\Admin\AppData\Local\Temp\geekcatpingreducer.exe"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\geekcatpingreducer.exe
  "C:\Users\Admin\AppData\Local\Temp\geekcatpingreducer.exe"
  2⤵
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll

Filesize
1.6MB

MD5
5f6fd64ec2d7d73ae49c34dd12cedb23

SHA1
c6e0385a868f3153a6e8879527749db52dce4125

SHA256
ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

SHA512
c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

Download Submit
memory/2848-24-0x000007FEF5DE0000-0x000007FEF63C9000-memory.dmp

Filesize
5.9MB

Download