5272df59f81f949aecd9f778b0df0f233cde32678d05bd0642337b1272016db2

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 19:19

Target

2a6abf8945b67c80021892136e49f7c6.exe
Size

90KB
MD5

2a6abf8945b67c80021892136e49f7c6
SHA1

6cb50586ed80b13818f87c48391444f5b4467383
SHA256

5272df59f81f949aecd9f778b0df0f233cde32678d05bd0642337b1272016db2
SHA512

17c5dbf9286dccc2e9bd78cf7240f335ecc57bfec656900e70b38afd5396f095069f6bdebed07594cdcd4abfdfb5de5268be05f5d8674975f80298dfde5fcdae
SSDEEP

1536:TalEkKgJOyjc4oqULVJBoLmcYXV/O16nvaHWpeQrZYTjipvF2uNc1c:vbOHw5qLmcYXVlnvk8YvQd2q

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2284	antifahib.exe

Loads dropped DLL 1 IoCs

pid	Process
2868	2a6abf8945b67c80021892136e49f7c6.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	icanhazip.com

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2284	2868	2a6abf8945b67c80021892136e49f7c6.exe	28
PID 2868 wrote to memory of 2284	2868	2a6abf8945b67c80021892136e49f7c6.exe	28
PID 2868 wrote to memory of 2284	2868	2a6abf8945b67c80021892136e49f7c6.exe	28
PID 2868 wrote to memory of 2284	2868	2a6abf8945b67c80021892136e49f7c6.exe	28

C:\Users\Admin\AppData\Local\Temp\2a6abf8945b67c80021892136e49f7c6.exe
"C:\Users\Admin\AppData\Local\Temp\2a6abf8945b67c80021892136e49f7c6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\antifahib.exe
  C:\Users\Admin\AppData\Local\Temp\antifahib.exe
  2⤵
  - Executes dropped EXE
  PID:2284

C:\Users\Admin\AppData\Local\Temp\antifahib.exe

Filesize
90KB

MD5
8036c68d073694a45ab7ac32d0e566b2

SHA1
8e7e29a726be25e9959d4668767a84a90d271345

SHA256
c783cc1231eb6405d3a8c3b04fc5b1e3dcf9099b1a1fceeb62bd82a6981fe6cd

SHA512
25ca59047eb648e8333992013f4169d23c86ad4ba13f742f7b7d52ba5dbd4bb9b47ed57b4086835c1d51917300978851bc6675bff3d79dc77737b93e798be025

Download Submit
memory/2284-10-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2284-8-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2868-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2868-7-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2868-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download