2d2ade3b8bf0f4be3dd02e2f9619e53f29b245cf57d168fff315fcd0e82f0b88

Analysis

max time kernel
143s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2023 11:30

Target

fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
Size

4.3MB
MD5

0ec5733b06b56ca20ea27dbb45da8025
SHA1

16f5d5ecb45068a69763e46edd784cff54a39745
SHA256

fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b
SHA512

0f381d5c82bf90905eb741b28e8d7e1667fc84ed5a7989a9eccb5c52e39547607f1823b8edf170c6aeb52c4cb933694755f4acbed3dfe50cf39f96fae70f1587
SSDEEP

49152:fVmbUwnOI1d3fQdTWOAMoXX0mZLuCd1C1qCZ+ysmPCinu/NKgfaEjVQAghdTVeJ/:w1KGMoUGXz4yRcPeJ9t

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
19	ip-api.com

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe

pid	Process
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
4576	fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe

C:\Users\Admin\AppData\Local\Temp\fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe
"C:\Users\Admin\AppData\Local\Temp\fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576