unlikely, because no sane admin pings ip addresses in a hexadecimal form

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_ping_hex_ip.yml>sigma
technicques: t1027 t1140

Techniques

Detects a ping command that uses a hex encoded IP address

condition: selection
selection:
  CommandLine|re: 0x[a-fA-F0-9]{8}
  Image|endswith: \ping.exe