624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967 | Triage

Analysis

max time kernel
136s
max time network
145s
platform
windows7_x64
resource
win7-en-20211014
submitted
31-10-2021 19:36

Sharing

Report Analysis Logs

General

Target

624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967.exe
Size

44KB
MD5

55b47d2158cb66c7bac0b0d915fb5a04
SHA1

56c2e0f4aecb965b2d39aed88c8e06405485caff
SHA256

624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967
SHA512

bd18de7690adf68091b4112f139f62a8f04ae0f21cbf50666b17ce3d9f7f25f8d18277bbc1051492ee8630b069c04620d61bd265b86323c65b6272ab762a0786

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	api.ipify.org

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
952	624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967.exe
952	624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967.exe

C:\Users\Admin\AppData\Local\Temp\624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967.exe
"C:\Users\Admin\AppData\Local\Temp\624a4a14d55ef8e412f1564440d8b7033cf0ff352a50d3982925a23034ff2967.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download