e7673c880ee230d32c67ff76b859699b3045c4c242d24010279022186d98be63

Analysis

max time kernel
28s
max time network
28s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 23:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

External_IP_Check.exe
Size

18KB
MD5

27806a2932f40a546e7e9d63271743a3
SHA1

47b777ca12e1f577772f8f1b01b5e387419cb57e
SHA256

e7673c880ee230d32c67ff76b859699b3045c4c242d24010279022186d98be63
SHA512

731d5f4376d8bf0b8d6148398e69b4eadb31504d045097d855979dedb486ffb3de1f7e1dfb9eaf52a0c5aa7ea9d70154592acbd4f089ed70b7f3976a931243c9
SSDEEP

384:yipKLFCFEugwrekebPQm+jS0g/U1g7aPGde22w:mYPIbPCg/N7dde2h

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ipinfo.io

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	External_IP_Check.exe

C:\Users\Admin\AppData\Local\Temp\External_IP_Check.exe
"C:\Users\Admin\AppData\Local\Temp\External_IP_Check.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads