107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f | Triage

Analysis

max time kernel
175s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
09/03/2022, 08:55

Sharing

Report Analysis Logs

General

Target

107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f.exe
Size

292KB
MD5

8fe6f25fc7e8c0caab2fdca8b9a3be89
SHA1

a30bf5d046b6255fa2c4b029abbcf734824a7f15
SHA256

107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f
SHA512

e2c28b474b0825890f58cbf1a98d36e4ceef6aa1def9d0ac527f7b0679b39a38672f8732757c0184f3576683d770c43d006bc9c2b29bfeadec418390f44812a3

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
42	api.ipify.org
43	api.ipify.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3528	107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f.exe

C:\Users\Admin\AppData\Local\Temp\107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f.exe
"C:\Users\Admin\AppData\Local\Temp\107da216ad99b7c0171745fe7f826e51b27b1812d435b55c3ddb801e23137d8f.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3528-130-0x00000000746F0000-0x0000000074EA0000-memory.dmp

Filesize
7.7MB

Download
memory/3528-131-0x00000000009F0000-0x0000000000A40000-memory.dmp

Filesize
320KB

Download
memory/3528-132-0x00000000059A0000-0x0000000005F44000-memory.dmp

Filesize
5.6MB

Download
memory/3528-133-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download