e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3

Analysis

max time kernel
264s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 17:54

Target

e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
Size

533KB
MD5

d28f2b1c2a803cb6da37464970ee3d36
SHA1

df311795b419aa0c4953ce281726fca845d97c41
SHA256

e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3
SHA512

d8da99a262f6e3ef04c7edd9584de8a5db23e6799d9d767eeb106209bc3496e2fe6494d52c9b3d01bba21027897c3825020f12f495b79080b0e9c3ba88ecb2ee
SSDEEP

6144:oujqcCbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx91:aQtqB5urTIoYWBQk1E+VF9mOx9

Score

6^/10

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

59 whatismyipaddress.com
62 whatismyipaddress.com
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe

description pid process

Token: SeDebugPrivilege 4304 e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe

flow	ioc
59	whatismyipaddress.com
62	whatismyipaddress.com

description	pid	process
Token: SeDebugPrivilege	4304	e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe

C:\Users\Admin\AppData\Local\Temp\e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
"C:\Users\Admin\AppData\Local\Temp\e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4304

memory/4304-132-0x0000000074FC0000-0x0000000075571000-memory.dmp

Filesize
5.7MB

Download
memory/4304-133-0x0000000074FC0000-0x0000000075571000-memory.dmp

Filesize
5.7MB

Download