Analysis
- max time kernel: 291s
- max time network: 281s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-07-2023 15:16
Static task: static1
Behavioral task: behavioral1
- Sample: 5F9948162215FF6FB2690AC6F722FC7785729CC3.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: 5F9948162215FF6FB2690AC6F722FC7785729CC3.exe
- Resource: win10v2004-20230703-en
General
- Target: 5F9948162215FF6FB2690AC6F722FC7785729CC3.exe
- Size: 4.3MB
- MD5: d8b1af171a5bd5738f6dea6967f70056
- SHA1: 5f9948162215ff6fb2690ac6f722fc7785729cc3
- SHA256: 6885a59b5bc7235b0bf59e34040e5e092479aed7c538f6c0e450fe1473df5d20
- SHA512: ec60a204e2af1134b79b5f9ad631116fe09d0cebe0acd509f8885ccc0832bed5400e1925b428af9a8a1eec960a9447c3909f86c106776b261fa3cc6028ed3f4a
- SSDEEP: 98304:MJ3PzMISkZf04q1tbdM7uMnSOZK75cOJNV+VQDC:MZbMgGZBMn1GXZC
Malware Config
Signatures
- Unexpected DNS network traffic destination 10 IoCs
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  description      ioc
  Destination IP   60.205.157.48
- Suspicious behavior: EnumeratesProcesses 4 IoCs
  pid    Process
  2624   5F9948162215FF6FB2690AC6F722FC7785729CC3.exe
- Suspicious use of AdjustPrivilegeToken 3 IoCs
  description               pid    Process
  Token: SeDebugPrivilege   2624   5F9948162215FF6FB2690AC6F722FC7785729CC3.exe