25939f03c43151ec5474f746fc71510fb6abe8b5e41da44fef74b6bc806e26b4 | Triage

Analysis

max time kernel
120s
max time network
172s
platform
windows7_x64
resource
win7v20210410
submitted
27-07-2021 17:22

Sharing

Report Analysis Logs

General

Target

unpacked.dll.exe
Size

132KB
MD5

14e049a9f6cf9749165621c26365931b
SHA1

7644a353908969fa261f656c79c6050ef8b76eb3
SHA256

25939f03c43151ec5474f746fc71510fb6abe8b5e41da44fef74b6bc806e26b4
SHA512

ca3281218db70b68b4ba1caaa01311cad7dbe0a29abb4d2c8e5a22477740531b343f17c0bf15dfdd8285c044baf42fca3da29f9b05a18fa958b9e8eb12cda5fb

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

20 myexternalip.com
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

unpacked.dll.exe

description pid process

Token: SeDebugPrivilege 856 unpacked.dll.exe

C:\Users\Admin\AppData\Local\Temp\unpacked.dll.exe
"C:\Users\Admin\AppData\Local\Temp\unpacked.dll.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-60-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/856-61-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download