Analysis
max time kernel: 120s
max time network: 172s
platform: windows7_x64
resource: win7v20210410
submitted: 27-07-2021 17:22
Behavioral task
behavioral1
Sample
unpacked.dll.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
unpacked.dll.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
Target: unpacked.dll.exe
Size: 132KB
MD5: 14e049a9f6cf9749165621c26365931b
SHA1: 7644a353908969fa261f656c79c6050ef8b76eb3
SHA256: 25939f03c43151ec5474f746fc71510fb6abe8b5e41da44fef74b6bc806e26b4
SHA512: ca3281218db70b68b4ba1caaa01311cad7dbe0a29abb4d2c8e5a22477740531b343f17c0bf15dfdd8285c044baf42fca3da29f9b05a18fa958b9e8eb12cda5fb
Score
6/10
Malware Config
Signatures
Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow | ioc
20 | myexternalip.com
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
unpacked.dll.exe
description | pid | process
Token: SeDebugPrivilege | 856 | unpacked.dll.exe