2e70ae7d9731f2e9f3c639609206d8883c8621efc7dea3a4c256875efe31642a

Resubmissions

29/09/2024, 09:48

240929-lsz47ssalf 3

29/09/2024, 09:44

240929-lqx7ts1hla 3

Analysis

max time kernel
13s
max time network
9s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/09/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lool.exe
Size

27KB
MD5

60fb232d4620da65952911bee279a253
SHA1

a97ea8eb050359580ce2e468ec4f35b4dc4cf938
SHA256

2e70ae7d9731f2e9f3c639609206d8883c8621efc7dea3a4c256875efe31642a
SHA512

65d0c9a56f85a9488add41df3a2b86501c24cd2a1a726ee50a1c817f026719066ebf1747b44a222a1deaac025c1498aa8281ef218193f8e9e29d0a4c13bde9ce
SSDEEP

384:oy/AwToHDe7NsYRQGgoAqBrkxhCv9Xy/5RMyRwMqEiSvfnosqj3rX4Z:sxHDDYiGgOChCFXc5RtYHuoso3rI

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2832	cmd.exe
2660	PING.EXE

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2660	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2832	2932	lool.exe	79
PID 2932 wrote to memory of 2832	2932	lool.exe	79
PID 2832 wrote to memory of 2660	2832	cmd.exe	80
PID 2832 wrote to memory of 2660	2832	cmd.exe	80

C:\Users\Admin\AppData\Local\Temp\lool.exe
"C:\Users\Admin\AppData\Local\Temp\lool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ping api.synapsez.net > status.tmp
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Windows\system32\PING.EXE
    ping api.synapsez.net
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\status.tmp

Filesize
469B

MD5
dcfca56b6d122543c01f1d2d93905631

SHA1
81876cebd3b8eeb9857595a6f04ea4bb9bf871ba

SHA256
e01d238c600f633ce1cd386f39f0f1e047561091375218eeb2f9a3c6d2c615fe

SHA512
6f142fe41c0d304ea85305316f5ac226a15d60cf05513b3becdd23ab7a3575a4241bb6b74a4f2a2a2e4dcb6e083a1fa9434b503bb26594dba097b5bcd4ab82c4

Download Submit