Analysis
max time kernel: 41s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2023 17:36
Static task: static1
Behavioral task: behavioral1
Sample: 329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe
Resource: win7-20220812-en (windows7-x64)
2 signatures
150 seconds
General
Target: 329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe
Size: 682KB
MD5: b890b71fc8ae5c295de0727f811f01d9
SHA1: aa8fcf80df7d8c5aaa7d6dc8180b7d83746a5230
SHA256: 329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3
SHA512: 60bdd8fc317fb2632a738c234ee1a0a7cad5140bffa16860a08247e69e3bbe9074b8a4b6dc32edf706a80717c3ad545d8a29dd25527856c81f2c75f1bbea7fd4
SSDEEP: 12288:Z2bYlne6BkD5Eg0u81mF8Z6nIiMQoYsS3jid3AbSc6OqImFaRWo:Z2bYlnrkL0fmNnIMtZE35hOgF
Score: 6/10
Malware Config
(none)
Signatures
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow 3, ioc: api.ipify.org
flow 4, ioc: api.ipify.org
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description: Token: SeDebugPrivilege, pid: 368, Process: 329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe