Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
27-01-2022 16:53
Static task
static1
Behavioral task
behavioral1
Sample
исходник.exe
Resource
win7-en-20211208
General
-
Target
исходник.exe
-
Size
2MB
-
MD5
cb267c252a42ed8e1de90463e2ab4013
-
SHA1
fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
-
SHA256
1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
-
SHA512
ece505a79a2e2b84b731ece8024e37f4da579f6af1555ad6ae2088c5fe4c5884819e64a4ca7b42fcee464912179e88a9782566cf5f2ff18f9bf63121e5045b01
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service ⋅ 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 4 api.ipify.org 5 api.ipify.org -
Suspicious use of AdjustPrivilegeToken ⋅ 1 IoCs
Processes:
исходник.exedescription pid process Token: SeDebugPrivilege 760 исходник.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\исходник.exePID:760"C:\Users\Admin\AppData\Local\Temp\исходник.exe"Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Loading data