Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 17:36

General

  • Target

    329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe

  • Size

    682KB

  • MD5

    b890b71fc8ae5c295de0727f811f01d9

  • SHA1

    aa8fcf80df7d8c5aaa7d6dc8180b7d83746a5230

  • SHA256

    329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3

  • SHA512

    60bdd8fc317fb2632a738c234ee1a0a7cad5140bffa16860a08247e69e3bbe9074b8a4b6dc32edf706a80717c3ad545d8a29dd25527856c81f2c75f1bbea7fd4

  • SSDEEP

    12288:Z2bYlne6BkD5Eg0u81mF8Z6nIiMQoYsS3jid3AbSc6OqImFaRWo:Z2bYlnrkL0fmNnIMtZE35hOgF

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe
    "C:\Users\Admin\AppData\Local\Temp\329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/368-54-0x000000013F880000-0x000000013F92E000-memory.dmp

    Filesize

    696KB

  • memory/368-55-0x0000000002320000-0x00000000023B6000-memory.dmp

    Filesize

    600KB

  • memory/368-56-0x000000001AC60000-0x000000001ACD8000-memory.dmp

    Filesize

    480KB