1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-en-20211208
submitted
27-01-2022 16:53

Sharing

Report Analysis Logs

General

Target

исходник.exe
Size

2.6MB
MD5

cb267c252a42ed8e1de90463e2ab4013
SHA1

fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
SHA256

1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
SHA512

ece505a79a2e2b84b731ece8024e37f4da579f6af1555ad6ae2088c5fe4c5884819e64a4ca7b42fcee464912179e88a9782566cf5f2ff18f9bf63121e5045b01

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 api.ipify.org
5 api.ipify.org
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

исходник.exe

description pid process

Token: SeDebugPrivilege 760 исходник.exe

C:\Users\Admin\AppData\Local\Temp\исходник.exe
"C:\Users\Admin\AppData\Local\Temp\исходник.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-54-0x00000000003E0000-0x0000000000686000-memory.dmp

Filesize
2.6MB

Download
memory/760-55-0x000000001B160000-0x000000001B1D6000-memory.dmp

Filesize
472KB

Download
memory/760-56-0x000000001B2C0000-0x000000001B2C2000-memory.dmp

Filesize
8KB

Download