Analysis
max time kernel: 118s
max time network: 124s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 29-05-2024 07:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: Build.exe
Resource: win7-20231129-en (windows7-x64)
3 signatures
150 seconds
General
Target: Build.exe
Size: 15KB
MD5: 27275853bd5996fb2f3767772d068d56
SHA1: 14fb4c3c74870f14af8c4cd7c8eafa81c99c70c2
SHA256: abe621c37b2e40f6c6b3d9da15e37d4001188e10bac99e5d66c23cee23b98d03
SHA512: 7e05ec050eaea236c04d74042ac1b2d5634e2be0dd3b8807bada25c38f2f758de9cc25d69fcfd5086b949dc74b97ad2401bce9e6db541153cec60e33024cc887
SSDEEP: 384:twpcZrxSdohsUVdko8bxjsCa2txgb6P/sxErmM8/ANWUh:mpSk8VOfb2M669Sct
Score: 6/10
Malware Config
Signatures
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow | ioc
4 | api.ipify.org
5 | api.ipify.org
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description | pid | process
Token: SeDebugPrivilege | 2208 | Build.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 2208 wrote to memory of 2728 | 2208 | Build.exe | WerFault.exe
PID 2208 wrote to memory of 2728 | 2208 | Build.exe | WerFault.exe
PID 2208 wrote to memory of 2728 | 2208 | Build.exe | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2208-0-0x000007FEF5533000-0x000007FEF5534000-memory.dmp (Filesize: 4KB)
memory/2208-1-0x00000000009A0000-0x00000000009AA000-memory.dmp (Filesize: 40KB)
memory/2208-2-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp (Filesize: 9.9MB)
memory/2208-17-0x000007FEF5533000-0x000007FEF5534000-memory.dmp (Filesize: 4KB)
memory/2208-18-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp (Filesize: 9.9MB)