Analysis
max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
06/04/2024, 12:08
Static task
static1
Behavioral task
behavioral1
Sample
DLL Injector Resou_nls..scr
Resource
win7-20240221-en
2 signatures
150 seconds
General
Target
DLL Injector Resou_nls..scr
Size
353KB
MD5
55244240d926c5dcf0a0432a474447e3
SHA1
1ba2bc860ac70f343155a8a9ceebc772e6d1509f
SHA256
1ed90c2a319e37c10a4646c8ae087d691ab13cbf2d39066080a96c685ab9c6c1
SHA512
a4fefa0f7245c46306204c013900831ebdbe6e568a8bdeaca80d13f04e4f4e616c1005a8a53bfcd42623ca35ed9b03890a58bbe38fad9b9ea0d7a354bc9c92c1
SSDEEP
6144:a7jx7iw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFmCaxHUV:a7VkqjVnl36ud0zR/6CtQ9PUHIG8Dn
Score
6/10
Malware Config
Signatures
Looks up external IP address via web service
2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
4     ipinfo.io
5     ipinfo.io
Suspicious use of AdjustPrivilegeToken
1 IoCs
description              pid   Process
Token: SeDebugPrivilege  2332  DLL Injector Resou_nls..scr