Analysis
-
max time kernel
60s -
max time network
72s -
platform
windows7_x64 -
resource
win7 -
submitted
10-07-2020 21:44
Static task
static1
Behavioral task
behavioral2
Sample
0.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
0.exe
-
Size
92KB
-
MD5
1f1f729ed90fd59ceb8f3c75e40cf5c3
-
SHA1
561db88fe754068dcf0a266b45dbd6bdecef67aa
-
SHA256
309911eeb73e0a28aa50c3e4a51121db47068398b9284432e37e6d2d44c654a4
-
SHA512
4e7773b07bed429d54b9bfec034200e0213304482cff29904c04f28fd47722e0fbffaaa46461ce822e3f634431680ecd1690fbac883fef6667c40afc0b3294dd
Score
7/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0.exedescription pid process Token: SeDebugPrivilege 1492 0.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 4 ip-api.com