90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 05:59

Target

90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3.exe
Size

886KB
MD5

eaaf2b21782af2216a0ca0065ec9ac29
SHA1

bddb7b691c5c974eb155c1280a2f25b1f1363def
SHA256

90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3
SHA512

2bb0cb055ee37f836677c0c695664666fa80d674c5133db3975327d413ce43cca2bc25b1de027afd5d3984186cf78f9a6156961eb1823e52c15b281a56b57ec6
SSDEEP

192:xPuTunAtt5Pg1lld07xFVd4yywe/2D4Ec7KdT:tYcAP+PlOzVdNpe/REmi

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2188	90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3.exe

C:\Users\Admin\AppData\Local\Temp\90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3.exe
"C:\Users\Admin\AppData\Local\Temp\90a3a2e1caf9779088a9a363146f521dfdd8d518df4b53290840fbfec095b8b3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2188

memory/2188-0-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2188-1-0x0000000000D70000-0x0000000000D7A000-memory.dmp

Filesize
40KB

Download
memory/2188-2-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2188-3-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2188-4-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download