Analysis
max time kernel: 264s
max time network: 292s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-11-2022 17:54
Static task: static1
Behavioral task: behavioral1
  Sample: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
  Resource: win10v2004-20221111-en
General
Target: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
Size: 533KB
MD5: d28f2b1c2a803cb6da37464970ee3d36
SHA1: df311795b419aa0c4953ce281726fca845d97c41
SHA256: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3
SHA512: d8da99a262f6e3ef04c7edd9584de8a5db23e6799d9d767eeb106209bc3496e2fe6494d52c9b3d01bba21027897c3825020f12f495b79080b0e9c3ba88ecb2ee
SSDEEP: 6144:oujqcCbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx91:aQtqB5urTIoYWBQk1E+VF9mOx9
Malware Config
Signatures
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow | ioc
  59   | whatismyipaddress.com
  62   | whatismyipaddress.com
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description             | pid  | process
  Token: SeDebugPrivilege | 4304 | e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe