Analysis

max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/08/2023, 12:28
Static task: static1
  1 signatures

Behavioral task: behavioral1
  Sample: 4545.dll
  Resource: win7-20230712-en
  2 signatures
  150 seconds

Behavioral task: behavioral2
  Sample: 4545.dll
  Resource: win10v2004-20230703-en
  3 signatures
  150 seconds
General

Target: 4545.dll
Size: 627KB
MD5: 86efe486dedbca08d9ce8a0b4156b75b
SHA1: 4f977cef5183e3d325cd8f9bb245b7de0f288256
SHA256: 9b85fbfa3892a7a6deffba5d5bc5dd9c35ac6cb97a631752142faa0839423186
SHA512: 56ba499f7e9dddccb029337048713171bc47f9055de68bb4a734a617fc12bf1870326ab97c3838e6c16e809d1c38326a57585469f40843e6ed54d92b5f1cca76
SSDEEP: 12288:2TrZPDCk8aIcpSUM8IbLnFEeVJGAuG/g1ms5ULR:Ekk8av9IXFZoA9ghG

Score: 6/10
Malware Config
Signatures

Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  15   | ip-api.com

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description             | pid | Process
  Token: SeDebugPrivilege | 996 | regsvr32.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                     | pid | Process      | procid_target
  PID 996 wrote to memory of 1644 | 996 | regsvr32.exe | 80
  PID 996 wrote to memory of 1644 | 996 | regsvr32.exe | 80