cc3e4dbf0ff344d66a39066a453f0dd52160c46fff4ce9d9abc7b0f9e22552da

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2023, 09:23

Target

Task_1.exe
Size

1.6MB
MD5

7f2ef21170425e699b8fa5fd0f693a9b
SHA1

e8b956a217baf251e9e2781344f97d0c6e270f23
SHA256

cc3e4dbf0ff344d66a39066a453f0dd52160c46fff4ce9d9abc7b0f9e22552da
SHA512

03f635ef1cfab9168e6c52cb3b5d8aa8864d350a85bc936f75fbbd16ba6b80681a8e8d0e15389a24c7182ec41b330028eadc88823823d97d61d90496ff5c979c
SSDEEP

24576:0GZSAAt2nt0G4KAnZlACIej7zM2tjc1Vs:ZZSAtl4KAzACIejDc

Score

6^/10

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	api.ipgeolocation.io
8	api.ipgeolocation.io

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4732	Task_1.exe

C:\Users\Admin\AppData\Local\Temp\Task_1.exe
"C:\Users\Admin\AppData\Local\Temp\Task_1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4732

memory/4732-133-0x0000000000D90000-0x0000000000F36000-memory.dmp

Filesize
1.6MB

Download
memory/4732-134-0x0000000005880000-0x00000000058F6000-memory.dmp

Filesize
472KB

Download
memory/4732-135-0x0000000005850000-0x0000000005860000-memory.dmp

Filesize
64KB

Download
memory/4732-136-0x0000000006E80000-0x0000000006EA2000-memory.dmp

Filesize
136KB

Download
memory/4732-137-0x0000000007320000-0x000000000733E000-memory.dmp

Filesize
120KB

Download