2e70ae7d9731f2e9f3c639609206d8883c8621efc7dea3a4c256875efe31642a

Resubmissions

29/09/2024, 09:48

240929-lsz47ssalf 3

29/09/2024, 09:44

240929-lqx7ts1hla 3

Analysis

max time kernel
91s
max time network
97s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/09/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lool.exe
Size

27KB
MD5

60fb232d4620da65952911bee279a253
SHA1

a97ea8eb050359580ce2e468ec4f35b4dc4cf938
SHA256

2e70ae7d9731f2e9f3c639609206d8883c8621efc7dea3a4c256875efe31642a
SHA512

65d0c9a56f85a9488add41df3a2b86501c24cd2a1a726ee50a1c817f026719066ebf1747b44a222a1deaac025c1498aa8281ef218193f8e9e29d0a4c13bde9ce
SSDEEP

384:oy/AwToHDe7NsYRQGgoAqBrkxhCv9Xy/5RMyRwMqEiSvfnosqj3rX4Z:sxHDDYiGgOChCFXc5RtYHuoso3rI

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1168	cmd.exe
4992	PING.EXE

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4992	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 1168	2448	lool.exe	80
PID 2448 wrote to memory of 1168	2448	lool.exe	80
PID 1168 wrote to memory of 4992	1168	cmd.exe	81
PID 1168 wrote to memory of 4992	1168	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\lool.exe
"C:\Users\Admin\AppData\Local\Temp\lool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ping api.synapsez.net > status.tmp
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Windows\system32\PING.EXE
    ping api.synapsez.net
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\status.tmp

Filesize
438B

MD5
5c14ed30b4ccd9f846c3dc5483a05ca1

SHA1
365607c987165da7331ad8a5ed27622bac3e6a22

SHA256
ffe078a7a304a876d2ed6db96497ddcebfd8ffde4a575f4fe25ea33436fb7af9

SHA512
59c385e51806ee72658c27d8879e50bd2c90d3897e425ee1595bb799b7f92f2ec80a6d3399cce6a24916dfdcc710c738705a3b5bf4321c5e6c7e0a8e0ae36f64

Download Submit