Overview

Tasks (score / sample / platform):
- 10 / Static
- 10 / Anarchy Pa...el.exe / windows7-x64
- 10 / Anarchy Pa...el.exe / windows10-2004-x64
- 10 / Anarchy Pa...xe.xml / windows7-x64
- 1 / Anarchy Pa...xe.xml / windows10-2004-x64
- 3 / Anarchy Pa...oG.dll / windows7-x64
- 1 / Anarchy Pa...oG.dll / windows10-2004-x64
- 1 / Anarchy Pa...uJ.dll / windows7-x64
- 1 / Anarchy Pa...uJ.dll / windows10-2004-x64
- 1 / Anarchy Pa...qM.dll / windows7-x64
- 1 / Anarchy Pa...qM.dll / windows10-2004-x64
- 1 / Anarchy Pa...LC.dll / windows7-x64
- 1 / Anarchy Pa...LC.dll / windows10-2004-x64
- 5 / Anarchy Pa...wp.dll / windows7-x64
- 1 / Anarchy Pa...wp.dll / windows10-2004-x64
- 1 / Anarchy Pa...uZ.dll / windows7-x64
- 1 / Anarchy Pa...uZ.dll / windows10-2004-x64
- 1 / Anarchy Pa...nG.dll / windows7-x64
- 1 / Anarchy Pa...nG.dll / windows10-2004-x64
- 1 / Anarchy Pa...TS.dll / windows7-x64
- 1 / Anarchy Pa...TS.dll / windows10-2004-x64
- 1 / Anarchy Pa...xj.dll / windows7-x64
- 1 / Anarchy Pa...xj.dll / windows10-2004-x64
- 1 / Anarchy Pa...pi.dll / windows7-x64
- 1 / Anarchy Pa...pi.dll / windows10-2004-x64
- 1 / Anarchy Pa...s4.dll / windows7-x64
- 1 / Anarchy Pa...s4.dll / windows10-2004-x64
- 1 / Anarchy Pa...Ya.dll / windows7-x64
- 1 / Anarchy Pa...Ya.dll / windows10-2004-x64
- 1 / Anarchy Pa...Jn.dll / windows7-x64
- 1 / Anarchy Pa...Jn.dll / windows10-2004-x64
- 1 / Anarchy Pa...GA.dll / windows7-x64
- 1 / Anarchy Pa...GA.dll / windows10-2004-x64
Analysis (score 1)
- max time kernel: 1755s
- max time network: 1168s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-07-2023 00:36
Behavioral tasks (task: sample, resource)
- behavioral1: Anarchy Panel 4.7/Anarchy Panel.exe, win7-20230712-en
- behavioral2: Anarchy Panel 4.7/Anarchy Panel.exe, win10v2004-20230703-en
- behavioral3: Anarchy Panel 4.7/Anarchy Panel.exe.xml, win7-20230712-en
- behavioral4: Anarchy Panel 4.7/Anarchy Panel.exe.xml, win10v2004-20230703-en
- behavioral5: Anarchy Panel 4.7/Plugins/0guo3zbo66fqoG.dll, win7-20230712-en
- behavioral6: Anarchy Panel 4.7/Plugins/0guo3zbo66fqoG.dll, win10v2004-20230703-en
- behavioral7: Anarchy Panel 4.7/Plugins/59Zp7paEHDF7luJ.dll, win7-20230712-en
- behavioral8: Anarchy Panel 4.7/Plugins/59Zp7paEHDF7luJ.dll, win10v2004-20230703-en
- behavioral9: Anarchy Panel 4.7/Plugins/CjETR6GpGXqM.dll, win7-20230712-en
- behavioral10: Anarchy Panel 4.7/Plugins/CjETR6GpGXqM.dll, win10v2004-20230703-en
- behavioral11: Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll, win7-20230712-en
- behavioral12: Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll, win10v2004-20230703-en
- behavioral13: Anarchy Panel 4.7/Plugins/FBSyChwp.dll, win7-20230712-en
- behavioral14: Anarchy Panel 4.7/Plugins/FBSyChwp.dll, win10v2004-20230703-en
- behavioral15: Anarchy Panel 4.7/Plugins/G3nl0mDcABnDuZ.dll, win7-20230712-en
- behavioral16: Anarchy Panel 4.7/Plugins/G3nl0mDcABnDuZ.dll, win10v2004-20230703-en
- behavioral17: Anarchy Panel 4.7/Plugins/KNTmoSnG.dll, win7-20230712-en
- behavioral18: Anarchy Panel 4.7/Plugins/KNTmoSnG.dll, win10v2004-20230703-en
- behavioral19: Anarchy Panel 4.7/Plugins/PK0TcnqTGFagQTS.dll, win7-20230712-en
- behavioral20: Anarchy Panel 4.7/Plugins/PK0TcnqTGFagQTS.dll, win10v2004-20230703-en
- behavioral21: Anarchy Panel 4.7/Plugins/RssCnLKcGRxj.dll, win7-20230712-en
- behavioral22: Anarchy Panel 4.7/Plugins/RssCnLKcGRxj.dll, win10v2004-20230703-en
- behavioral23: Anarchy Panel 4.7/Plugins/WkUP83aP9CABpi.dll, win7-20230712-en
- behavioral24: Anarchy Panel 4.7/Plugins/WkUP83aP9CABpi.dll, win10v2004-20230703-en
- behavioral25: Anarchy Panel 4.7/Plugins/eMTYbTz0gueNs4.dll, win7-20230712-en
- behavioral26: Anarchy Panel 4.7/Plugins/eMTYbTz0gueNs4.dll, win10v2004-20230703-en
- behavioral27: Anarchy Panel 4.7/Plugins/fzAgyDYa.dll, win7-20230712-en
- behavioral28: Anarchy Panel 4.7/Plugins/fzAgyDYa.dll, win10v2004-20230703-en
- behavioral29: Anarchy Panel 4.7/Plugins/mGWHaG2Jn.dll, win7-20230712-en
- behavioral30: Anarchy Panel 4.7/Plugins/mGWHaG2Jn.dll, win10v2004-20230703-en
- behavioral31: Anarchy Panel 4.7/Plugins/mML6WKMqdxjDGA.dll, win7-20230712-en
- behavioral32: Anarchy Panel 4.7/Plugins/mML6WKMqdxjDGA.dll, win10v2004-20230703-en
General
- Target: Anarchy Panel 4.7/Plugins/EVa7gBMKoaHmLC.dll
- Size: 170KB
- MD5: 64a3d908b8a5feff2bccfc67f3a67dbd
- SHA1: a17d7e5fa57c99a067cac459cb507b625dac254e
- SHA256: 6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
- SHA512: 66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc
- SSDEEP: 3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb
Malware Config
Signatures
- Drops file in System32 directory (3 IoCs)
  Processes (description | ioc | process):
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C4C8BD77-D224-4F17-AF16-81DAE6FCD035}.catalogItem | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat | svchost.exe
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat | svchost.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes (description | pid | process):
  Token: SeManageVolumePrivilege | 1608 | svchost.exe
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Windows\system32\rundll32.exe (PID 808)
  Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Plugins\EVa7gBMKoaHmLC.dll",#1
- C:\Windows\System32\svchost.exe (PID 4580)
  Command line: C:\Windows\System32\svchost.exe -k netsvcs -p
  Signatures: Drops file in System32 directory
- C:\Windows\system32\rundll32.exe (PID 1412)
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
- C:\Windows\System32\svchost.exe (PID 1608)
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads
- (no path recorded)
  Filesize: 14KB
  MD5: c01eaa0bdcd7c30a42bbb35a9acbf574
  SHA1: 0aee3e1b873e41d040f1991819d0027b6cc68f54
  SHA256: 32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40
  SHA512: d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: bb40fbc226480c508d39693d38cec38e
  SHA1: 1ad89427482d5bc0c6387978e89750501dc19d5e
  SHA256: 9e9312260b17484244827f311b8c074dafba75ac20f25ceb1eea66f9bd655bdf
  SHA512: 75693ab8db77a9c0059551580c32861fcd34f2b781ab31a0c9d02c768120208da76eb7ff09678d8b61448c88ccabc8068b0a8e0dbddefa3fb2dbe60e7c8e5b92
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: ae8533130073ebaf50cd79d27f827570
  SHA1: 2d5c8edbf1b3cfb885e7980539d873ccddbdc362
  SHA256: f7aef9cf3cc6e5df4a314f2849eb968d2e901d1c7e483769301eebf95c560ff7
  SHA512: ebfb0feee181f65db3baad2587cce08cb636ad84129ee3817e84f2dda3ec170c2f518fdaad6715a5fced93a8c594d5a7fb769794c5e35ef1ab96721beefa16f1
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 3bb7dc9ed69a8ac25da1fb2610ddd87e
  SHA1: e8f415cb45b0a1caf8e68283584d144bb89bb338
  SHA256: 6f08ce47a5b22664deade3e3bf9a95c1397a92594589d96988bc42000a981e1d
  SHA512: f815c983e70664ad25df5800d8eec5bd7dbd3242bbf6c1fbd528be1f2307b4fdb23f3555d5780de295fd695856e2d7b86fe3e15df6a3f4eea7ef4d3493d8658e
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 22c1f20184a4da88dbd761e83d4d3e75
  SHA1: db09fa52db52d30153777f9c196f67225ad0522e
  SHA256: f6ac35241be252a7991ecab9e0748a305824d4801a142544e92665d44b38b385
  SHA512: 5817ad83ffdfdea70298bfcb4b4f1b62e93b3616b1aeaca6113499840e8a39fd282517b3df75c1252e20cd81872f7bfc83ce14687d39677203770f860f7e3031
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 2fb50b37935e8bd968a846d82b8f8e83
  SHA1: 676e22e916700a50154e9dae56114330fb7664ac
  SHA256: 36230ac18b2e7c099b5a7ce6e66bec1aa20ba21742d66ff749151209b109c43e
  SHA512: 05e8ffc99dbfc76d45d0558e25b460e78c0d0c89cf0949f547c00f17befaeab8d19817cce93c3f7b138f44d285deea2e32fc2c1f57e7049f79424a52940be701
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 5f379394d1942441c8dd49d92e383c32
  SHA1: cb03e7ce6157ec68c74c28e8bdce5ddb1bfa7a0b
  SHA256: 0947ee5c019f54bf3acfc735889e243b44ff26a3dad183761ae27fad667a6032
  SHA512: 6d234316a4dd1791ccf1ea164f48e8a904201d78747d6acd1a099cc0915dc30cf7adbe2a55c34c904ae3ff64c735eb2a6f19d165d6dcd36f7a3909cc29d6cd41
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 30b68dafb1e75a9f96b19a169d1bb9ec
  SHA1: 5ed22cd49f268842c97b948dfec259c73d5a7c9e
  SHA256: 9e43b701575950d829b81a0a7b74355e48ee0f8ca43d10cd77e9f4bd3fd167e0
  SHA512: a7569c2d3c32b0b61a1d0e6fd6c8a94fd9f79ae4b7eed28bd883f694a78a329f68016a3e5f4d420ebe93bebf4d62f86aab7d3540aa1da4f641e56febfdf85463
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: e78be81225dbe7869c8353d426e10517
  SHA1: 58e39bf67bdf119411be4f97c211fcf8acb72322
  SHA256: 6cd370adf48e43e773a2f3b76ceae308796f46799e4275adc787612af166a8e4
  SHA512: 43e351193f9e0e6a35d9eb0080362de27ce53605b30eae28d23cbbb1b40c3b6da171532572da8000d37cdcbf4c09675638ff3da329d4ad220114bd74bcd5a61a
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: 1e953c338201641935bd59debfd058fa
  SHA1: f9ba7c3dd4ce5ba336c02a3181db38f7c05bbcff
  SHA256: 70d7514d42b7ef3850f276508f6cc77cb1958572e695d77dd27613a877dafb10
  SHA512: d312255a2a530bbb8aec5d987bb86a0c68927273003ceb04c680b2bfba3183250140dd7595b9853ae96daff1cc1d034bfaa70819650eb3242d453bdadb940d09
- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
  Filesize: 29KB
  MD5: db275cf78eed4bd3a7944879449fecc2
  SHA1: fc2648932cebc6d370a57a497e402979b8ef3aaf
  SHA256: 629c58336b353b73ff9675ba87d8c6c13375f2b467dc799b4bd26e04789f8107
  SHA512: f8e37f5fcbcf24400c6c617ad73c956b8270c462e103f52d9a4c2273ad5b9b77897fe0738dd54781914df9357aa382260dc48f2ff11a4f984e10b57ae891fe1b