329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 17:36

Target

329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe
Size

682KB
MD5

b890b71fc8ae5c295de0727f811f01d9
SHA1

aa8fcf80df7d8c5aaa7d6dc8180b7d83746a5230
SHA256

329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3
SHA512

60bdd8fc317fb2632a738c234ee1a0a7cad5140bffa16860a08247e69e3bbe9074b8a4b6dc32edf706a80717c3ad545d8a29dd25527856c81f2c75f1bbea7fd4
SSDEEP

12288:Z2bYlne6BkD5Eg0u81mF8Z6nIiMQoYsS3jid3AbSc6OqImFaRWo:Z2bYlnrkL0fmNnIMtZE35hOgF

Score

6^/10

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

3 api.ipify.org
4 api.ipify.org
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe

description pid process

Token: SeDebugPrivilege 368 329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe

flow	ioc
3	api.ipify.org
4	api.ipify.org

description	pid	process
Token: SeDebugPrivilege	368	329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe

C:\Users\Admin\AppData\Local\Temp\329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe
"C:\Users\Admin\AppData\Local\Temp\329dcb6dad9f6417897aabee2c031e81d1e2fe054c0d30815af204405897dab3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:368

memory/368-54-0x000000013F880000-0x000000013F92E000-memory.dmp

Filesize
696KB

Download
memory/368-55-0x0000000002320000-0x00000000023B6000-memory.dmp

Filesize
600KB

Download
memory/368-56-0x000000001AC60000-0x000000001ACD8000-memory.dmp

Filesize
480KB

Download