157da2de491550c5ac25dc65049e0d6188cb1cad5d5e6124afabf5627b669573

Analysis

max time kernel
31s
max time network
121s
platform
windows10_x64
resource
win10v20210408
submitted
21-07-2021 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad2917599132e15656b78cca87799907.exe
Size

6.6MB
MD5

ad2917599132e15656b78cca87799907
SHA1

6420a174293f9530ca89ff618ca9d42ac4a38c47
SHA256

157da2de491550c5ac25dc65049e0d6188cb1cad5d5e6124afabf5627b669573
SHA512

fa3c60abfc32d45f3dc442cffc6a4420b0eb57718c8aa65404fbeccf3aadc03a11c284473d6c091c7d596fa99142742632a3eaaec3c2d55e9891daf104b3f65b

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

16 whatismyip.com
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

ad2917599132e15656b78cca87799907.exe

pid process

664 ad2917599132e15656b78cca87799907.exe
664 ad2917599132e15656b78cca87799907.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ad2917599132e15656b78cca87799907.exe

description pid process

Token: SeDebugPrivilege 664 ad2917599132e15656b78cca87799907.exe

flow	ioc
16	whatismyip.com

pid	process
664	ad2917599132e15656b78cca87799907.exe
664	ad2917599132e15656b78cca87799907.exe

description	pid	process
Token: SeDebugPrivilege	664	ad2917599132e15656b78cca87799907.exe

C:\Users\Admin\AppData\Local\Temp\ad2917599132e15656b78cca87799907.exe
"C:\Users\Admin\AppData\Local\Temp\ad2917599132e15656b78cca87799907.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/664-114-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/664-116-0x00000000019E0000-0x00000000019E1000-memory.dmp

Filesize
4KB

Download
memory/664-117-0x0000000001980000-0x0000000001981000-memory.dmp

Filesize
4KB

Download
memory/664-118-0x000000000C390000-0x000000000CB30000-memory.dmp

Filesize
7.6MB

Download
memory/664-119-0x000000000D030000-0x000000000D031000-memory.dmp

Filesize
4KB

Download
memory/664-120-0x0000000007DA0000-0x0000000007DA1000-memory.dmp

Filesize
4KB

Download
memory/664-121-0x0000000008450000-0x0000000008451000-memory.dmp

Filesize
4KB

Download
memory/664-122-0x0000000007D70000-0x0000000007D71000-memory.dmp

Filesize
4KB

Download
memory/664-123-0x0000000008160000-0x0000000008161000-memory.dmp

Filesize
4KB

Download
memory/664-124-0x0000000008290000-0x0000000008291000-memory.dmp

Filesize
4KB

Download
memory/664-125-0x0000000011180000-0x0000000011181000-memory.dmp

Filesize
4KB

Download
memory/664-126-0x00000000111C0000-0x00000000111C1000-memory.dmp

Filesize
4KB

Download
memory/664-127-0x0000000011210000-0x0000000011211000-memory.dmp

Filesize
4KB

Download
memory/664-128-0x0000000011700000-0x0000000011701000-memory.dmp

Filesize
4KB

Download
memory/664-129-0x0000000001983000-0x0000000001985000-memory.dmp

Filesize
8KB

Download
memory/664-130-0x0000000012C30000-0x0000000012C31000-memory.dmp

Filesize
4KB

Download
memory/664-131-0x000000000CDA0000-0x000000000CDA1000-memory.dmp

Filesize
4KB

Download
memory/664-132-0x0000000013070000-0x0000000013071000-memory.dmp

Filesize
4KB

Download
memory/664-133-0x0000000012F80000-0x0000000012F81000-memory.dmp

Filesize
4KB

Download
memory/664-134-0x00000000132F0000-0x00000000132F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads