Analysis

  • max time kernel
    1559s
  • max time network
    1562s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2023 00:36

General

  • Target

    Anarchy Panel 4.7/Anarchy Panel.exe.xml

  • Size

    3KB

  • MD5

    3d441f780367944d267e359e4786facd

  • SHA1

    d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

  • SHA256

    49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

  • SHA512

    5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Anarchy Panel.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2984
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2968
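The process tree above is the whole story of this run: MSOXMLED.EXE (the Office XML handler) receives the .xml file and, finding no Office application to route it to, hands it to Internet Explorer, which spawns its usual frame and tab processes. The tab process names its frame process on the command line (SCODEF:2984 matches the PID of the IEXPLORE.EXE one level up), and every listed signature is ordinary IE behaviour. The following Python is an added example, not part of this report or of the sandbox's code: it parses the Processes block exactly as printed here (the block is embedded as constructed input, copied from the page), rebuilds parent/child links from the depth markers, and checks that each SCODEF value agrees with the recorded parent, a quick consistency test an analyst can run on any IE-heavy tree before spending time on it. The Proc class and the helper names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input: the Processes block of this report, copied verbatim
# (image paths, command lines, depth markers, signature bullets and PIDs).
PROCESS_BLOCK = r"""
• C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
  "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7\Anarchy Panel.exe.xml"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:1688
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    2⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      3⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
        4⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2968
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")      # a bullet that starts with a drive path opens a new process entry
DEPTH_RE = re.compile(r"^(\d+)⤵$")         # the report's depth marker
PID_RE = re.compile(r"^PID:(\d+)$")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")  # IE tab processes name their frame process here


@dataclass
class Proc:
    """One entry of the sandbox process tree (example's own type)."""
    image: str
    cmdline: str
    depth: int
    pid: int
    signatures: List[str] = field(default_factory=list)
    parent: Optional["Proc"] = None


def parse_process_block(text: str) -> List[Proc]:
    """Walk the report text line by line: a path bullet starts a process, the next
    quoted line is its command line, 'N⤵' gives its depth (parent = most recent
    entry at depth N-1), further bullets are signatures, 'PID:' closes the entry."""
    procs: List[Proc] = []
    cur: Optional[Proc] = None
    last_at_depth: Dict[int, Proc] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            body = line[1:].strip()
            if PATH_RE.match(body):
                cur = Proc(image=body, cmdline="", depth=0, pid=0)
                procs.append(cur)
            elif cur is not None:
                cur.signatures.append(body)
            continue
        m = DEPTH_RE.match(line)
        if m and cur is not None:
            cur.depth = int(m.group(1))
            cur.parent = last_at_depth.get(cur.depth - 1)
            last_at_depth[cur.depth] = cur
            continue
        m = PID_RE.match(line)
        if m and cur is not None:
            cur.pid = int(m.group(1))
            continue
        if cur is not None and not cur.cmdline and line.startswith('"'):
            cur.cmdline = line
    return procs


def lineage(p: Proc) -> List[str]:
    """Image names from the root of the tree down to p."""
    chain = []
    while p is not None:
        chain.append(p.image.rsplit("\\", 1)[-1])
        p = p.parent
    return list(reversed(chain))


def check_scodef_links(procs: List[Proc]) -> List[dict]:
    """For every process carrying SCODEF:<pid>, compare the PID it names with the
    parent the sandbox recorded. A mismatch means the tab was not spawned by the
    frame it claims and the tree deserves a closer look."""
    results = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        claimed = int(m.group(1))
        actual = p.parent.pid if p.parent is not None else None
        results.append({"pid": p.pid, "scodef": claimed, "parent": actual, "ok": claimed == actual})
    return results


if __name__ == "__main__":
    tree = parse_process_block(PROCESS_BLOCK)
    for p in tree:
        print(f"{'  ' * (p.depth - 1)}{p.pid:>5} {lineage(p)[-1]}  sigs={len(p.signatures)}")
    for r in check_scodef_links(tree):
        print("SCODEF link", "ok" if r["ok"] else "MISMATCH", r)
```

Running it prints the four processes with their signature counts and one SCODEF line reporting that PID 2968 correctly points at its parent 2984. The same parser works on any report that uses this bullet/depth/PID layout, so the check can be scripted across a batch of IE-launching samples rather than eyeballed per page.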

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f94c9f0396b1ec6520a853dabbd8e183

    SHA1

    d41d58279f017a060aeea7ca4df39b41b976070c

    SHA256

    5147e09fc1796c0daee9b64b27c66b15b97b727c124704888d8d2cd023de7052

    SHA512

    f22e57ca79e0692c85434cb8942d1d21b281859a4fc6663552ad5a99d785e24fbe70002a1d17e4e3bd80125299f28d9ab0326700e3e9c2cf38cbbe24de2c82b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    96e309b7e1715574a74bcd21e3d64bbf

    SHA1

    376f2419e8812ead26141871331abe92ce4416f4

    SHA256

    8b853a9863a87254514bd5e5d8161ca44575aa937ef4b07dd935765f4ac11caf

    SHA512

    8329825df35a1ea9b159d1066c6e3f1bba11ba4532aba684b0ccdd7e03569005e2867fbdf5a2f3698361cde0aca3e49dd5d16ab80996df84238d942103c6fc35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d063a2a6a109e637c29793d143a8523c

    SHA1

    b5b59967737a6b6528b01d0b2372bab8b335f281

    SHA256

    97e96c10bd3b0ca4968718bc49a7349f39359608989809c37de4fc3e6ac27fce

    SHA512

    aeb3a34903f3d73c8a4f79a0b774571826c29ff726d4020c231824ee30e0d6c8bef1801f644102792b4c864de9a39572d5f864bd44ddf6b3756c212e966f1130

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    812b1fd65e07405b366c61df99f4e585

    SHA1

    0dfbeee834646ca59f3ad311a94fe62efab4c905

    SHA256

    77197e7b937ea5eba4f3af471c9f9282c7302c23d1837fe062ec396c9a4b8b24

    SHA512

    b23dc73346b8773326a75482f2852d3925d966b1d16ea96b08aa92b56320db596c6a1da86b3dc91cff4305ccdd27c9132ed5cb9c6e92c40c80ffdd0ece6d104a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    719d7eb33c44ad7b08b6d8fdad8c1b2b

    SHA1

    80452aa5e8e6348fd4cb3b9c7bb1230ae37ebd94

    SHA256

    0a20f303b6a073798dcd56f0046f8a1cf2710414f260800599b069959ea6b5d6

    SHA512

    3cf8e907308d02246c2df7b5b7cfc0e44c24f633a85e4d22b17564101f92b2cb05de93aed1bcd152556202b85f6eafd23cc69b02ec4290cfab0bb4ccb75c6da5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01bcf6985ccdc4e3d11bbd2ffec444a5

    SHA1

    022e2cfacbb800cca63d43397576b60ff296902f

    SHA256

    dfa0bfebc992dd7a6586942df2d05d5a3706bd871e478d5c8a2cc0c366dd3710

    SHA512

    92e4da814d55004ef1af3d7bb10d5cd110423a781ea227ec7d8ebf02d5b8210b17aa26b6f96ff0fb8f7573dd87c23411b92009632948a2cdbfdc9df368df9f87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    92b8b0c8a144d74c1cdcc8586e2dc523

    SHA1

    f9c4f6d7e7a416202d95c15fe605fe499e85f20c

    SHA256

    1df741becf2fa9f9ad0029c401876fec8531e3482bff5604e1d7eba2ce773950

    SHA512

    fd47a0305caca4a03d581ca596023869410ab584e7c494716f7270c3b6c260a8e05439992462fd6f27019640901c9ccf630342542a47ee3b621d188bbdf734d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    91aad0c4911713ddaf4f95024a9c12f5

    SHA1

    2a29446efef296239a12ce5bee3d14a5f880fee3

    SHA256

    665f19b0cd501aac7606ad802beb7640dae14a32e160f2013773f41379aab533

    SHA512

    84e35749533d1402ac3fd8fd65ca372842ef02b9fb93bf872ba616999752cfe6470771cf70b520ce19c4043c8a308949245b58447521ec2784799ee26ed8c1a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7cd10d63c58abab932977b550be96c7d

    SHA1

    070d242fc171a0e46f1f6c17a105669a7c0f7212

    SHA256

    cbb44dd4d858e5ec9a83a8a8f3036e3b3e360e3de296a324d2f163bb617fa195

    SHA512

    79dda8cd8417a28807dec51fe2b9495268e7d1e88b4ab383e62baba46ae9678a8a39d2240da799996bfbdf7b8831ae16a6ff4920d697714a866d707d7e577939

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QBXKR\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab9741.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar985F.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WMIXVVC4.txt

    Filesize

    606B

    MD5

    358763a5ae28b2285b8c691688a9286e

    SHA1

    7d2cfa62517e614f0523595748188e2f25cbe718

    SHA256

    b5297fe487bfa7911d9e18632f0c3bd5fa73c0a708943fffb54da8fdbba6c29f

    SHA512

    e0d2f629d3db1bb0d48a82f74b6d15db577a35220ff43861802e102f5dcac69277cb076a9daf92f1c78325b8a49f53d7fef965a411def630f8e67945a78cadec