428d7fa627d74326ce61469231f7423afb7cee5ab1d86bbd97f65c8f89deaa14

Analysis

max time kernel
83s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2022 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ShareX.exe
Size

2.1MB
MD5

4822034a6d599f0724505fc1cd923b99
SHA1

30fdd2ca1e05a32e697e5a3bc022ac732cbdf2fb
SHA256

b9eb9daeeb987e9d98b6780fb13b02a9150f04408b2a178870ae68a92332ceb2
SHA512

e5c2039731e700ebe1baf722c6497c6466cf07bb8ca3523ed635881981556f66e78e21fc297f292fcff540808cfa9cd5f1f35d67fc342cd7cfcd7629b0cac671
SSDEEP

49152:kK9UPsP0F5n7ExB73vdItTNKz7gnqVCsY7Dgx2rnlX:V9LCsY7Dgx2hX

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

36 ipinfo.io
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ShareX.exe

description pid process

Token: SeDebugPrivilege 2528 ShareX.exe

flow	ioc
36	ipinfo.io

description	pid	process
Token: SeDebugPrivilege	2528	ShareX.exe

C:\Users\Admin\AppData\Local\Temp\ShareX.exe
"C:\Users\Admin\AppData\Local\Temp\ShareX.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2528-132-0x00000182FEB90000-0x00000182FEDA6000-memory.dmp

Filesize
2.1MB

Download
memory/2528-133-0x00000182FFEE0000-0x00000182FFFF8000-memory.dmp

Filesize
1.1MB

Download
memory/2528-134-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

Filesize
10.8MB

Download
memory/2528-135-0x0000018300220000-0x0000018300432000-memory.dmp

Filesize
2.1MB

Download
memory/2528-136-0x0000018300000000-0x00000183000B0000-memory.dmp

Filesize
704KB

Download
memory/2528-137-0x00000182FF0E0000-0x00000182FF110000-memory.dmp

Filesize
192KB

Download
memory/2528-138-0x00000182FF150000-0x00000182FF178000-memory.dmp

Filesize
160KB

Download
memory/2528-139-0x00000183000B0000-0x000001830015A000-memory.dmp

Filesize
680KB

Download
memory/2528-140-0x00000182FF110000-0x00000182FF122000-memory.dmp

Filesize
72KB

Download
memory/2528-141-0x00000182FF680000-0x00000182FF6AA000-memory.dmp

Filesize
168KB

Download
memory/2528-142-0x0000018300910000-0x0000018300DDC000-memory.dmp

Filesize
4.8MB

Download
memory/2528-143-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

Filesize
10.8MB

Download
memory/2528-144-0x00000182FF6B0000-0x00000182FF6D2000-memory.dmp

Filesize
136KB

Download
memory/2528-145-0x00000182FFE20000-0x00000182FFE78000-memory.dmp

Filesize
352KB

Download
memory/2528-146-0x00000182FFDC0000-0x00000182FFDE2000-memory.dmp

Filesize
136KB

Download
memory/2528-147-0x0000018300160000-0x00000183001B0000-memory.dmp

Filesize
320KB

Download
memory/2528-148-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads