67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:20

Target

67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8.exe
Size

6.5MB
MD5

132b88c50570642888912ff6d39c3db2
SHA1

fbfdf2fd1266bc44a20f947da4fe7a994269bfd6
SHA256

67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8
SHA512

25d5dc9af43d35bdc3e0eefaf1f996ffcf89e8146d3d892d18b63050b1e3157557fd882cd5fe94c6062ff61c92e8ec6a457a39a427bb9597afed527ea58e030f
SSDEEP

12288:Buw6dOC4qgzVf0Tgu9zRyZDmRImmlBvvILft:AwqL9lq9lxm

Score

6^/10

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8.exe

C:\Users\Admin\AppData\Local\Temp\67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8.exe
"C:\Users\Admin\AppData\Local\Temp\67f81e01f39a9e7f04b68aa6667576b1c5fad4b8176f7071ccdb2275951338d8.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2116

memory/2116-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

Filesize
4KB

Download
memory/2116-1-0x0000000000830000-0x00000000008A8000-memory.dmp

Filesize
480KB

Download
memory/2116-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2116-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download