fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 04:18

Target

fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98.exe
Size

319KB
MD5

281f51219b7f7706383d3e1d48c7a48e
SHA1

fd844a6fc6c1dede981d97d9c528709fa271c41a
SHA256

fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98
SHA512

34bb165d5d9a19c973d9a8f537779230a5ad6c010cf097e6647f9302a96cf299b0bee3a8acab6124cb698905369352d94cbd17cf9d95589e339baf2cf26c096d
SSDEEP

192:xPuTunAtt5Pg1lld07xFVd4yywe/2D4Ec7KdT:tYcAP+PlOzVdNpe/REmi

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1932	fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98.exe

C:\Users\Admin\AppData\Local\Temp\fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98.exe
"C:\Users\Admin\AppData\Local\Temp\fc4f8f863667be04023c27ff135e44ab249f95878ccb05e7981a3233eab64f98.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1932

memory/1932-0-0x0000000073FFE000-0x0000000073FFF000-memory.dmp

Filesize
4KB

Download
memory/1932-1-0x0000000000050000-0x000000000005A000-memory.dmp

Filesize
40KB

Download
memory/1932-2-0x0000000073FF0000-0x00000000746DE000-memory.dmp

Filesize
6.9MB

Download
memory/1932-3-0x0000000073FFE000-0x0000000073FFF000-memory.dmp

Filesize
4KB

Download
memory/1932-4-0x0000000073FF0000-0x00000000746DE000-memory.dmp

Filesize
6.9MB

Download