67009212f5f0fb5ec7680fde5a92c2ef580ab6afc136047db2967b00c76821fa

Analysis

max time kernel
110s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 03:50

Target

file.exe
Size

2.5MB
MD5

d930d695d2832dcddfe4de6d917ddb25
SHA1

ccadf295d005293306cff94ec516d122ec3202dc
SHA256

67009212f5f0fb5ec7680fde5a92c2ef580ab6afc136047db2967b00c76821fa
SHA512

32cc680c8e81eacf1170b82139f9b595b0ff7c4f69b715cf5077e319531eea8f4d6f7f5166c99ce8632a6e4f07d429fff5f76f8e7a5786bfd09cee7568179bad
SSDEEP

49152:w1lkqXfd+/9AIUbowEOvygS7/1sHOqJ02nTPFdRPqxMaivHly8Pv6Uc:w1lkqXf0FvUcwti78OqJ7TPBvc8X6Uc

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
6	ip-api.com

Suspicious behavior: EnumeratesProcesses 24 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4480	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4480	file.exe

memory/4480-0-0x000001D3EA7A0000-0x000001D3EAA1C000-memory.dmp

Filesize
2.5MB

Download
memory/4480-2-0x000001D3EC6A0000-0x000001D3EC716000-memory.dmp

Filesize
472KB

Download
memory/4480-1-0x00007FFDABFB0000-0x00007FFDACA71000-memory.dmp

Filesize
10.8MB

Download
memory/4480-3-0x000001D3ED330000-0x000001D3ED340000-memory.dmp

Filesize
64KB

Download
memory/4480-4-0x000001D3EAFC0000-0x000001D3EAFDE000-memory.dmp

Filesize
120KB

Download
memory/4480-5-0x00007FFDABFB0000-0x00007FFDACA71000-memory.dmp

Filesize
10.8MB

Download
memory/4480-6-0x000001D3ED330000-0x000001D3ED340000-memory.dmp

Filesize
64KB

Download
memory/4480-7-0x000001D3EC760000-0x000001D3EC76A000-memory.dmp

Filesize
40KB

Download