429d367426d5af533aae37ba504b2b2b04595c2bf7f6edcb6ff6f3ae062fe5ef | Triage

Analysis

max time kernel
4294181s
max time network
127s
platform
windows7_x64
resource
win7-20220223-en
submitted
10-03-2022 22:57

Sharing

Report Analysis Logs

General

Target

429d367426d5af533aae37ba504b2b2b04595c2bf7f6edcb6ff6f3ae062fe5ef.exe
Size

552KB
MD5

20dbcf99312f9a6c20657fc308431444
SHA1

03728e301e24e5afa9ba5ed8d4fda9416863b95d
SHA256

429d367426d5af533aae37ba504b2b2b04595c2bf7f6edcb6ff6f3ae062fe5ef
SHA512

92b9878bbb0f4bf52baebfc5508d3eadfd1916c67fdce2b49581b280adb66cec66de0aaefea7e09873be0987cda84b4e71e5f17f86f0b60a685c5115e330060f

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

5 bot.whatismyipaddress.com

C:\Users\Admin\AppData\Local\Temp\429d367426d5af533aae37ba504b2b2b04595c2bf7f6edcb6ff6f3ae062fe5ef.exe
"C:\Users\Admin\AppData\Local\Temp\429d367426d5af533aae37ba504b2b2b04595c2bf7f6edcb6ff6f3ae062fe5ef.exe"
1⤵
PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-54-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download
memory/1664-55-0x0000000074060000-0x000000007460B000-memory.dmp

Filesize
5.7MB

Download
memory/1664-56-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1664-57-0x0000000074060000-0x000000007460B000-memory.dmp

Filesize
5.7MB

Download