cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659 | Triage

Analysis

max time kernel
148s
max time network
175s
platform
windows7_x64
resource
win7-20220414-en
submitted
23/05/2022, 23:48

Sharing

Report Analysis Logs

General

Target

cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659.exe
Size

25KB
MD5

bc125af0ccbe37b20beb5e2628cda6d6
SHA1

d4aec9346f7a2bdd084471738809e28f77985f1c
SHA256

cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659
SHA512

62071b91b4e9179fed0ba63b71d15d01870313aed716b8d6e4650d441248a497a92261bcb2dc9c8c3a01c13bbbd349d3ed0ce69ad2cd2ef9c230bd2ee3d5f716

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
620	cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659.exe
620	cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659.exe

C:\Users\Admin\AppData\Local\Temp\cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659.exe
"C:\Users\Admin\AppData\Local\Temp\cf059fb6dca8f28b7c95a1b8d9ff30a62d05118b4c7dcee4a2103133fb535659.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/620-54-0x0000000076011000-0x0000000076013000-memory.dmp

Filesize
8KB

Download