исходник.exe
General
Target: исходник.exe
Filesize: 2MB
Completed: 27-01-2022 16:56
Score: 6/10
MD5: cb267c252a42ed8e1de90463e2ab4013
SHA1: fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
SHA256: 1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
Malware Config
Signatures 2

Looks up external IP address via web service
Description: Uses a legitimate IP lookup service to find the infected system's external IP.
Reported IOCs:
flow  ioc
4     api.ipify.org
5     api.ipify.org
Suspicious use of AdjustPrivilegeToken
Reported IOCs:
description              pid  process
Token: SeDebugPrivilege  760  исходник.exe
Processes 1

C:\Users\Admin\AppData\Local\Temp\исходник.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\исходник.exe"
Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Downloads
memory/760-54-0x00000000003E0000-0x0000000000686000-memory.dmp
memory/760-55-0x000000001B160000-0x000000001B1D6000-memory.dmp
memory/760-56-0x000000001B2C0000-0x000000001B2C2000-memory.dmp