b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 04:37

Target

b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b.exe
Size

908KB
MD5

b8f4ebe9bc4d2885c235983f983bf65b
SHA1

5b4fade3024ba9198bd613a1fa355aec193fd0d2
SHA256

b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b
SHA512

39a1f06690df196f2cfe0174d6cfd5fc55428f48a0d74e95119985f4d74ed44e97052bf288290c5dd59bb6bf0a95d5c9111104d7883a1e4f5f9341669396a4d0
SSDEEP

192:xPuTunAtt5Pg1lld07xFVd4yywe/2D4Ec7KdT:tYcAP+PlOzVdNpe/REmi

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b.exe

C:\Users\Admin\AppData\Local\Temp\b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b.exe
"C:\Users\Admin\AppData\Local\Temp\b3a08637483b3c8ef52435807f4436eadd10e0c7383c0cb05cd343146942ad0b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2124

memory/2124-0-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/2124-1-0x0000000000A90000-0x0000000000A9A000-memory.dmp

Filesize
40KB

Download
memory/2124-2-0x0000000074410000-0x0000000074AFE000-memory.dmp

Filesize
6.9MB

Download
memory/2124-3-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/2124-4-0x0000000074410000-0x0000000074AFE000-memory.dmp

Filesize
6.9MB

Download