Analysis

max time kernel: 44s
max time network: 69s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 19:17

Static task: static1

Behavioral task: behavioral1
  Sample: f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe
  Resource: win10v2004-20220414-en
General

Target: f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe
Size: 652KB
MD5: 4b86ba8062ee8b1c3107981fdc4cac43
SHA1: c610af05f36f492876c89471ff252d9d165f1662
SHA256: f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b
SHA512: 0fe157bed42b9d03fa7c865888c12c645fa0171a455c9a55f2e97558e9aa9777a3ffe45a872848e9202fccbf71f018b358cc7fec4348c6f5d58769903b9335d8
Malware Config
Signatures

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  1     ip-api.com

Processes:
  description  ioc                                                                                                        process
  Key created  \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main     f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe

Script User-Agent (1 IoC)
Uses user-agent string associated with script host/environment.
Processes:
  description             flow  ioc
  HTTP User-Agent header  2     Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes:
  pid   process
  1968  f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe
  1968  f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe
  1968  f39700e8f01e50fa8a48e8d31ea487e9003b4b58fe0f40a37c9b455e37a7d55b.exe