Analysis

  • max time kernel
    136s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-09-2023 01:19

General

  • Target

    Anarchy Panel.exe.xml

  • Size

    3KB

  • MD5

    3d441f780367944d267e359e4786facd

  • SHA1

    d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

  • SHA256

    49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

  • SHA512

    5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f40d98a8976daedd6028b2a5a552f930

    SHA1

    6ba5827425c976f7f6551d0730c8744328a3cf89

    SHA256

    cf3ad73cff35ba578f00d1541daa80c6d5e68753762eb45c0f45deae701a48b3

    SHA512

    7f04b624472ac50adeeb3d220fba2ca66c4fcc0bfd39f03eeaeaecd269660744eff4f4d3d113bf1ea67ddb460e8c368045749c467f3753a72cfefbfbeecd8509

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2d4cb0bdd7c14dfff506c19fd4939f07

    SHA1

    a6a904aa1c5e15127a609cbceb5f4f91d8bd5d9c

    SHA256

    45800327df63928c72b7cb1657b4c63daac2a6f301c63f51cff30109dd566ece

    SHA512

    5b7510703377c7ff5ffc9d14ee9e482c4e968c6e80f18045e2537f720b38c3ec9387a47a8b1d62b4eb6c0451c538a6ce95a6e94dfcceb1c5e3328e297b46e4dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ba7e91afe40ef8b6a1c0dfea86f79115

    SHA1

    b06797fe55d27c120afd7abef6e6ccdaf7d0f1f4

    SHA256

    07fdc88d074e78a76283ef3e4dcd46a3a83cfad79c5c5635ad2b2ab0d644708a

    SHA512

    835e37fca667257df0ff433692911f588d858ececb6ca78599f0947cc8992a76b191f45b3c87f038fc550e9f1278d4ef64691dbaa0b4086fff960bef7fd6599d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e63d671d67bafd88efad07dc70508906

    SHA1

    7e0a0455b9576aa52ea5bef7e6d081bf18538c73

    SHA256

    ca77a3866840a051d46f8d689df03f8f2ef4cac8bfa98469338dff7467415f61

    SHA512

    53b0d3234374bb4ec92c3678bfd3c482b7d76a45723209296b4dd2ab6872cf9261d628f97780467ebcf582413b3757959f27b3dcf4cadef39a61d07a975a04ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ffb240bd2430764628a32f3f3ca35faf

    SHA1

    c20a015a70734e691ec3a718b2b244d135b1b3cf

    SHA256

    0505a031d5dcc70eaa05eb9cd63707b55d282e9575d54af55b5a806ce23fa6ed

    SHA512

    3d3d7dc0d969b073d30fde8d5083421ec91a55da4be1e0e8f1f617323ad2389df36b5635023c5577d42e7a0645b9b5e1a46e4fbf007c0ce462716c0f30b61caf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6a187a232ff2c5fcbf3989c7cee179f4

    SHA1

    ab8bda237a632b91458c6031c00c36649d5046fb

    SHA256

    15013a962691da3b6fdf5ccfe21c8a2a8e55d85d36af10ff811f8329b31caa5b

    SHA512

    2062ef187ca925875f3031dd4abb63ee7e7b7b97c80c32defc0243810e04dde9ea7d0e7813c229e4c1df2a4dee8d214aa6bcf0dc36640387b41ac30e394e4e3b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    06e34f806459de2bf808fd6eeaede579

    SHA1

    0f29ef83100466370b2a5add62293b8feec557b6

    SHA256

    5ccc175074f157888807dbf11018d556170d033350c25f866bd73d4a3b855955

    SHA512

    7cfc22a02d261dbf77fddf611a122ce66a719a9a473e13a118b8ebf12cf2a0cf6abb991b9d88afa87eb24bf86fd9277c0ebc1460e3a769c92464ca8e1d1f58e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fe604456946d80b018acb4d3c7b7e59f

    SHA1

    a14e7bc905107e129a69077088c937eefd77ba85

    SHA256

    2dbbf7f992d08c86b06d4fea3bc97d20004f656c5498afab83b1e64762e65b2c

    SHA512

    83494cbccd0e8e12c98b67f53ed8d94cc4232b24a92220d7fadab805045c33588a94135403d72a378e206b96da3d7a506c413c9ecc108ba5d149519bc6474073

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e31c677b9f9503cee331760bccf44aa

    SHA1

    3bb9d16ab108732a700e6b513de7c311cbdd3f38

    SHA256

    3c4ac98beacf17b973496e64ce96a485859ffc47cdab09d63e958cc76e63f5b5

    SHA512

    fd85aae8a59bc61e127e65caf7d3eb229458a1dc1d14c02bea5241aad3989612487ae2413e6167d1ab435e590f85668fe7129e6334488a9ed1fe46624c84a08b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e896f3a5485a03732db80e48599167fe

    SHA1

    6f18e7cd345d29a5c209a26a12f7c2f439ab50ed

    SHA256

    1082115941f9cdc22b8d0cd148940f9f724b78d9c0937470726bfcd733633c9d

    SHA512

    acf7872adb5dae6a576bde4a385f942227fe8c0a112c86a4cdc892e3117eac1383a7581b893ee79862d3e0685d9cdee8ef805078263b6587bbea7d81277d118d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f800d0c53208e408daa3c73a4d617c4c

    SHA1

    cd78feced5b6cf333d934d6339822d0dc775a214

    SHA256

    dee0388dfcb101705b448012c98d47a01d6f7af1f42a502c95146da44eff2dd7

    SHA512

    9d30edeb49fe70be73766b49bce86be5569d6d391e9abb0ebc050178c109e22f3968f5f1e1f6f32d6eccc901b35d71f03e5cf3a2abac9ae3c22cc8e95c4e9e69

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d80b875f94f27a4cc42e07ba149e3583

    SHA1

    6ca39a5f4e2094cf8c69d159f6a55ec863744b9f

    SHA256

    4242dcbf5917f2d7078f6ef67626e91497e6c43e9a7e2765525faab9e164290b

    SHA512

    1f2bb2d5dfae06c993c3b52ec7c0b00a25ebf3a6ba524d7ae5077a3f79ec524eb58ed0177a3b7d3656fbb76be9fcf702998d7963b36a517b04ec53bdd1c0f1bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3606319e825154d10b44fd18b5f121a6

    SHA1

    d1170125edf7160ad3c574000db3da53e482a9dd

    SHA256

    46e665262a1325b0f0d9d996f4396b3ffb6455a15ebb7c0489c8e3905df860c1

    SHA512

    8d66e3cd3d28efa4d69b05e062f72c5126b8276229aab5960fb810eb159c6a587391164729ddfb5c8e74b667cb7b461544bfc15b601ef793f229a51f17c02c39

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2000100864e0af60cf4e2acf23a6dcd6

    SHA1

    827dfed26150a7492ccc8874082e26966850f447

    SHA256

    d04c674a1846e603ad8981e106a1cd951130f5c6016b335be0d6e41f8761a680

    SHA512

    516d5a3ee24b43595307ce3f932cfa3efbe575d3dde28a908b17b84bb7611c53d32901e11803ee835344c0b990454b69680208f7658b41b72ff9636c683ae782

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a93da016bff854cd5f43e075f942807e

    SHA1

    69d88347269fbd7c0210d503bfce3dd2762ebe49

    SHA256

    d40c126560000fb5ef08d100edb6652ca8d36ee286693e48d44f42f6b0d4e680

    SHA512

    e8abbf36ec8c486e9037e3ee670e3cd9797a65d59ed8484e3ed925f6fdfd90fa7ad08f380ce4fb1e8b2e88e282e043ab81c5d66ea499a032a8963c86ad94d98b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    67ed206a1525d1303c1105633990b878

    SHA1

    7bf8791af5dedf18c076be2afb47f00ca68cf8c0

    SHA256

    2f2b57f9d69968f0ee3254f49ec7b14854b520887ebca4d4ed512402b2137341

    SHA512

    791863758c73976f5a145f984194fee208fd175ffe71d43230804025ac02f4b4dc832dc34c611ba366756ec6d676fcefbaaa4c536f2d3ed00fbf402600244eaa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5a867009c2f4f260caf8a61abe8137c4

    SHA1

    241680618ccd8d0006c75360608371d61e3e4d52

    SHA256

    05d0166ff95bb6358a9daf38f004d65231953096e57e7af792c485b4fea0193b

    SHA512

    122ef04bb47635c8abccae45875ded0a844fb532f2aeb7361b79bc4598ddf2a49d1113ff3222d91b866004bb00db4f9e564217dfe2ae593f99bf1a986b0a1213

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    090f7c42d7b424999e3b557feb5c90b1

    SHA1

    aac828b7c93225e9f0d48e5a6917497f635d2223

    SHA256

    02414e843f9cc7bef952c3eee241ec4572266b30eb56dbe0e41993b43bac0f58

    SHA512

    40f7783bba2e3ed968cc50e49a63818f129d688c96ff3786ddced5c325e4f310a06be18908f3c0e50e4fe3ee23795bb474e2bf09f21b1602cc52e02cad94054f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    52a8f18b19e589a71f38958e83f4d668

    SHA1

    6ec3592609487ab39b819587c4dd6ac3aab1fe7a

    SHA256

    b9c2835757be53d0cedb9fa05d990d6d8d8291300c1fb51ab499c011f2456a96

    SHA512

    bc5db42097b01e76b1fbddd29f1c55e6bfc94833d54631b3b1ade5a9caba3cbfc9134327ef81699728ff63d18e095e377c70d8fc82945330d6c947e8c951196b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5754e5fa0b9138e57009d74e3c07a874

    SHA1

    14bd3feef3b33bea89d152c4afa2c7a216e687b2

    SHA256

    304de02e6eb7ca43cb73f01c6961bef957b6fedf40d9e7ec481b0db99c7dafd2

    SHA512

    1ffee922f94bc40c261679894be00fb2370c91e4559e130e1960d40df266e6be5676e7af4b170e743e63adc015be7f8bb7959d8bbb2f1d4fc3370b54ecc0edea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d3461abcfc5abfdf8893b7995f74a97d

    SHA1

    094763470c06297f28da7105a934b9c7c7ae2085

    SHA256

    58530e5dbc7b2f99a865a2e446e6cc030986378b45191daa83f1558624d29709

    SHA512

    322fa5f7c8612b301c2c586b4449b444f471706a20872b2dd3b70fbae537b412dca0c73a1a3d905a976cbe9932f9df3dfbf2e4a0fdfa20a5043ce3d76340f63c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3759f88a15382304da1509cb942a4cc3

    SHA1

    0ed82a5b5e52654a6e4dffea78f2513f6f400994

    SHA256

    49e8f9ca4fd110f1d170bae69aaf07726716c3d93c26ca678b74122601f52f0d

    SHA512

    650377000f84eee5c266a70924d6c784eefa3a743bb6dc8e014334afc1a0b1be92fb8d5b2cbcf1ae2e386628e52319b9a90fdf507d6e9fbf1b6739b5eb29b58d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    029da8f245f8013197782ef060a5ee21

    SHA1

    7caf78543435fdd9baced1c8420b19ca285e4b7b

    SHA256

    ee39931f1956db6bf975d2bd5bd2dfca54cff3d0d0e23c03be69d365be7c4398

    SHA512

    b254ec876e46f9ef4059f9b0c07497cb761a009fedd331bf28d83d43d3a1aad0fdd9f6dc8c607833acbc721f14987c112512683c68e60e7239da43f1457c4699

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    43bfa87ba59f089042b853d1e1260251

    SHA1

    3cbef96972bbf5e8aa5d1e1074de717a1eb66765

    SHA256

    e1ba919bd7fb21f936803b2efbe974097636c48d2326f5d05035bfe4ef2af351

    SHA512

    1cdc5324f87148b617cfc3410eb499b22b77cbc76633dad64cf39207083f2d3b9047bfa9cda4fdd7b999bf521300ce49e98c1c3360d0f1b64a4614a0b2da3cf8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f68e9c02b9291f6d2d5f8df1a09c2343

    SHA1

    2327f4a1e03fad8a05707ce6d13ccc1f391de906

    SHA256

    5ce9eae158a494775bbe39596ccadac1069a47d6e94176b75af21ef2ce3067e5

    SHA512

    807b16771dbbdcb89c306aa7edcbdc460d35e6aed28785e86c0b39ff7dd5fecd757174569b45c5b5269860c8d8fae77c9e7dabb92bb2b719ecebc9264d151687

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6404bd741037a166b6896b02ff6d1d6c

    SHA1

    10048b0eedc7ca3e820dc385575223b518cae457

    SHA256

    a66dc3463d0e24418efa18925dbcfa0382666624c584ed806605bc67ec3dc55c

    SHA512

    d9b146a9049639acfb1ae4f11b17d77df8324d63218e02770183dceb343e4e11c9a1b2f3a7fdbdd2133daec44ee6581c978544b9f68a12b1681170843ae67250

  • C:\Users\Admin\AppData\Local\Temp\Cab53BE.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar540F.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf