Overview

overview

7

Static

static

1

AnyStream ...ch.rar

windows10-2004-x64

3

anystream....PT.exe

windows10-2004-x64

7

AnyStream ...it.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    23s
  • max time network
    25s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2023, 17:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    anystream.1.1.3.1.[x64]-MPT.exe

  • Size

    168KB

  • MD5

    318babbb2a1d9995fd174bfb52575d32

  • SHA1

    aa656e1734771733428896cef39cf2bce39f0836

  • SHA256

    e057b11c85f36f907b1bfd4b5f40c574ff9930fc63a20d3045d64bcae8a88187

  • SHA512

    ae2981e6ada81c0b7360a16c687855b723c16d06b2498826ddd7b18835296c8e2ae7e7a5451adaec55d4b90f0b4f5f3ccb707b9e502b7e2a33ae8dfeab39d624

  • SSDEEP

    3072:+Mk+uB0ZZJ01C2ZBxJofAXwU4+T+ZvWtkyoG/4p9tG2DVr:+tGZ0zq4X0Z+2J7tP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\anystream.1.1.3.1.[x64]-MPT.exe
    "C:\Users\Admin\AppData\Local\Temp\anystream.1.1.3.1.[x64]-MPT.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    PID:1328
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3fc 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2412

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\bassmod.dll
          Filesize

          9KB

          MD5

          780d14604d49e3c634200c523def8351

          SHA1

          e208ef6f421d2260070a9222f1f918f1de0a8eeb

          SHA256

          844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2

          SHA512

          a49c030f11da8f0cdc4205c86bec00653ec2f8899983cad9d7195fd23255439291aaec5a7e128e1a103efd93b8566e86f15af89eba4efebf9debce14a7a5564b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
          Filesize

          134KB

          MD5

          f2bc37b37768e8f2b3dd7f9b91df5c2a

          SHA1

          f80b41ac9d8fbe651600124a726122bcf2fd3b60

          SHA256

          a4d51d00ea3644fb7265d1d22507444fe13b085470746165a74f4a6e98de5d42

          SHA512

          353296dcf2f1b4ebf4fc3f6aaea636499b143c225c7f34db66aab73cd8abf2187c56fd3c04bad044a75b1a0c7b7b8321d0e2bee7f14b5b0e6299fb26d3ea9e27

          Download Submit

        • memory/1328-137-0x0000000074E20000-0x0000000074E8D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/1328-143-0x0000000002BA0000-0x0000000002BA3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1328-144-0x0000000074E20000-0x0000000074E8D000-memory.dmp

          Filesize

          436KB

          Download