fd10887f7eb1f973956eb9ef053a9b74aa820819bcf96f98f9153573ef9a6800

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 03:26

Target

eeeasdasd.exe
Size

62KB
MD5

2e7336a2dda54ee6e7f155e4b7e474dc
SHA1

054a6ed86d4bcd88b3a35b6d09ce223e3fdbb6da
SHA256

fd10887f7eb1f973956eb9ef053a9b74aa820819bcf96f98f9153573ef9a6800
SHA512

74cb44876219f52eff1eb1869067d040ce557b444e4125cba68295a7ee55c9fa35a93808cabaa03ddc383646c8407d87c7db1fb5ed97ad6ca43c782a6fbef60b
SSDEEP

1536:yZrTx0fw3htimp6uy1yKb62xatR0gN9u7Oopa49x:yZrW+y1LbBktW7Oopr

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
32	ip-api.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	eeeasdasd.exe
Token: SeDebugPrivilege	4940	eeeasdasd.exe

C:\Users\Admin\AppData\Local\Temp\eeeasdasd.exe
"C:\Users\Admin\AppData\Local\Temp\eeeasdasd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4940

memory/4940-0-0x0000000000A20000-0x0000000000A36000-memory.dmp

Filesize
88KB

Download
memory/4940-1-0x00007FF9BD110000-0x00007FF9BDBD1000-memory.dmp

Filesize
10.8MB

Download
memory/4940-2-0x000000001B8E0000-0x000000001B8F0000-memory.dmp

Filesize
64KB

Download
memory/4940-3-0x00007FF9BD110000-0x00007FF9BDBD1000-memory.dmp

Filesize
10.8MB

Download
memory/4940-4-0x000000001B8E0000-0x000000001B8F0000-memory.dmp

Filesize
64KB

Download