Analysis

  • max time kernel
    1755s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-07-2023 00:36

General

  • Target

    Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll

  • Size

    170KB

  • MD5

    64a3d908b8a5feff2bccfc67f3a67dbd

  • SHA1

    a17d7e5fa57c99a067cac459cb507b625dac254e

  • SHA256

    6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1

  • SHA512

    66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

  • SSDEEP

    3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Plugins\EVa7gBMKoaHmLC.dll",#1
    PID:808
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      • Drops file in System32 directory
      PID:4580
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      PID:1412
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        • Suspicious use of AdjustPrivilegeToken
        PID:1608

Network

MITRE ATT&CK Enterprise v6

Downloads

      • C:\Users\Admin\AppData\Local\Temp\wsuA642.tmp

        Filesize

        14KB

        MD5

        c01eaa0bdcd7c30a42bbb35a9acbf574

        SHA1

        0aee3e1b873e41d040f1991819d0027b6cc68f54

        SHA256

        32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

        SHA512

        d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        bb40fbc226480c508d39693d38cec38e

        SHA1

        1ad89427482d5bc0c6387978e89750501dc19d5e

        SHA256

        9e9312260b17484244827f311b8c074dafba75ac20f25ceb1eea66f9bd655bdf

        SHA512

        75693ab8db77a9c0059551580c32861fcd34f2b781ab31a0c9d02c768120208da76eb7ff09678d8b61448c88ccabc8068b0a8e0dbddefa3fb2dbe60e7c8e5b92

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        ae8533130073ebaf50cd79d27f827570

        SHA1

        2d5c8edbf1b3cfb885e7980539d873ccddbdc362

        SHA256

        f7aef9cf3cc6e5df4a314f2849eb968d2e901d1c7e483769301eebf95c560ff7

        SHA512

        ebfb0feee181f65db3baad2587cce08cb636ad84129ee3817e84f2dda3ec170c2f518fdaad6715a5fced93a8c594d5a7fb769794c5e35ef1ab96721beefa16f1

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        3bb7dc9ed69a8ac25da1fb2610ddd87e

        SHA1

        e8f415cb45b0a1caf8e68283584d144bb89bb338

        SHA256

        6f08ce47a5b22664deade3e3bf9a95c1397a92594589d96988bc42000a981e1d

        SHA512

        f815c983e70664ad25df5800d8eec5bd7dbd3242bbf6c1fbd528be1f2307b4fdb23f3555d5780de295fd695856e2d7b86fe3e15df6a3f4eea7ef4d3493d8658e

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        22c1f20184a4da88dbd761e83d4d3e75

        SHA1

        db09fa52db52d30153777f9c196f67225ad0522e

        SHA256

        f6ac35241be252a7991ecab9e0748a305824d4801a142544e92665d44b38b385

        SHA512

        5817ad83ffdfdea70298bfcb4b4f1b62e93b3616b1aeaca6113499840e8a39fd282517b3df75c1252e20cd81872f7bfc83ce14687d39677203770f860f7e3031

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        2fb50b37935e8bd968a846d82b8f8e83

        SHA1

        676e22e916700a50154e9dae56114330fb7664ac

        SHA256

        36230ac18b2e7c099b5a7ce6e66bec1aa20ba21742d66ff749151209b109c43e

        SHA512

        05e8ffc99dbfc76d45d0558e25b460e78c0d0c89cf0949f547c00f17befaeab8d19817cce93c3f7b138f44d285deea2e32fc2c1f57e7049f79424a52940be701

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        5f379394d1942441c8dd49d92e383c32

        SHA1

        cb03e7ce6157ec68c74c28e8bdce5ddb1bfa7a0b

        SHA256

        0947ee5c019f54bf3acfc735889e243b44ff26a3dad183761ae27fad667a6032

        SHA512

        6d234316a4dd1791ccf1ea164f48e8a904201d78747d6acd1a099cc0915dc30cf7adbe2a55c34c904ae3ff64c735eb2a6f19d165d6dcd36f7a3909cc29d6cd41

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        30b68dafb1e75a9f96b19a169d1bb9ec

        SHA1

        5ed22cd49f268842c97b948dfec259c73d5a7c9e

        SHA256

        9e43b701575950d829b81a0a7b74355e48ee0f8ca43d10cd77e9f4bd3fd167e0

        SHA512

        a7569c2d3c32b0b61a1d0e6fd6c8a94fd9f79ae4b7eed28bd883f694a78a329f68016a3e5f4d420ebe93bebf4d62f86aab7d3540aa1da4f641e56febfdf85463

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        e78be81225dbe7869c8353d426e10517

        SHA1

        58e39bf67bdf119411be4f97c211fcf8acb72322

        SHA256

        6cd370adf48e43e773a2f3b76ceae308796f46799e4275adc787612af166a8e4

        SHA512

        43e351193f9e0e6a35d9eb0080362de27ce53605b30eae28d23cbbb1b40c3b6da171532572da8000d37cdcbf4c09675638ff3da329d4ad220114bd74bcd5a61a

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        1e953c338201641935bd59debfd058fa

        SHA1

        f9ba7c3dd4ce5ba336c02a3181db38f7c05bbcff

        SHA256

        70d7514d42b7ef3850f276508f6cc77cb1958572e695d77dd27613a877dafb10

        SHA512

        d312255a2a530bbb8aec5d987bb86a0c68927273003ceb04c680b2bfba3183250140dd7595b9853ae96daff1cc1d034bfaa70819650eb3242d453bdadb940d09

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

        Filesize

        29KB

        MD5

        db275cf78eed4bd3a7944879449fecc2

        SHA1

        fc2648932cebc6d370a57a497e402979b8ef3aaf

        SHA256

        629c58336b353b73ff9675ba87d8c6c13375f2b467dc799b4bd26e04789f8107

        SHA512

        f8e37f5fcbcf24400c6c617ad73c956b8270c462e103f52d9a4c2273ad5b9b77897fe0738dd54781914df9357aa382260dc48f2ff11a4f984e10b57ae891fe1b

      • memory/1608-342-0x0000020323880000-0x0000020323890000-memory.dmp

        Filesize

        64KB

      • memory/1608-361-0x0000020323980000-0x0000020323990000-memory.dmp

        Filesize

        64KB

      • memory/1608-377-0x000002032BCF0000-0x000002032BCF1000-memory.dmp

        Filesize

        4KB

      • memory/1608-379-0x000002032BD20000-0x000002032BD21000-memory.dmp

        Filesize

        4KB

      • memory/1608-380-0x000002032BD20000-0x000002032BD21000-memory.dmp

        Filesize

        4KB

      • memory/1608-381-0x000002032BE30000-0x000002032BE31000-memory.dmp

        Filesize

        4KB