Malware Analysis Report

2024-10-23 19:20

Sample ID 230910-bpyf4aee6z
Target Anarchy Panel 4.7.7z
SHA256 f31297dbb9f3aa6a6331c0d70ccfa89bc89b6a5e0a0b6eefb8078204d9bdf94a
Tags
rat asyncrat stormkitty stealerium
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analyses: behavioral1 through behavioral32, each with Detonation Overview, Command Line, Signatures, Processes, Network and Files, in report order: behavioral14, behavioral21, behavioral1, behavioral8, behavioral24, behavioral26, behavioral2, behavioral7, behavioral13, behavioral19, behavioral31, behavioral27, behavioral30, behavioral4, behavioral5, behavioral6, behavioral11, behavioral16, behavioral10, behavioral15, behavioral17, behavioral18, behavioral25, behavioral32, behavioral3, behavioral28, behavioral29, behavioral9, behavioral12, behavioral20, behavioral22, behavioral23

Analysis Overview

score
10/10

SHA256

f31297dbb9f3aa6a6331c0d70ccfa89bc89b6a5e0a0b6eefb8078204d9bdf94a

Threat Level: Known bad

The file Anarchy Panel 4.7.7z was found to be: Known bad.

Malicious Activity Summary

rat asyncrat stormkitty stealerium

AsyncRat

Asyncrat family

Async RAT payload

Stealerium family

StormKitty payload

Stormkitty family

Async RAT payload

Loads dropped DLL

.NET Reactor protector

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-10 01:20

Signatures

Async RAT payload

rat
Description Indicator Process Target
(20 hits; no description, indicator, process or target was recorded for any of them)

Asyncrat family

asyncrat

Stealerium family

stealerium

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
(21 hits; no description, indicator, process or target was recorded for any of them)

Analysis: behavioral14

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

136s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FBSyChwp.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FBSyChwp.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 114.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

122s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RssCnLKcGRxj.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RssCnLKcGRxj.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

120s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"

Network

N/A

Files

memory/2240-0-0x000007FEF5F20000-0x000007FEF690C000-memory.dmp

memory/2240-1-0x0000000000100000-0x000000000379E000-memory.dmp

memory/2240-2-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-3-0x00000000038E0000-0x00000000038E1000-memory.dmp

\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/2240-8-0x000000001EF30000-0x000000001F518000-memory.dmp

memory/2240-9-0x000000001F760000-0x000000001FB20000-memory.dmp

memory/2240-10-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-11-0x000007FEF5F20000-0x000007FEF690C000-memory.dmp

memory/2240-12-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-13-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-14-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-15-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-16-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-17-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-18-0x000000001E850000-0x000000001E8D0000-memory.dmp

memory/2240-19-0x000000001E850000-0x000000001E8D0000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:23

Platform

win10v2004-20230831-en

Max time kernel

61s

Max time network

74s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\59Zp7paEHDF7luJ.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\59Zp7paEHDF7luJ.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 114.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 138.121.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

139s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\WkUP83aP9CABpi.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\WkUP83aP9CABpi.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 114.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 254.3.248.8.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

138s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\eMTYbTz0gueNs4.dll,#1

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\eMTYbTz0gueNs4.dll,#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 126.179.238.8.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

memory/3996-0-0x000001E7A3340000-0x000001E7A3350000-memory.dmp

memory/3996-16-0x000001E7A3440000-0x000001E7A3450000-memory.dmp

memory/3996-32-0x000001E7AB9C0000-0x000001E7AB9C1000-memory.dmp

memory/3996-33-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-34-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-35-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-36-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-37-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-38-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-39-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-40-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-41-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-42-0x000001E7AB9F0000-0x000001E7AB9F1000-memory.dmp

memory/3996-43-0x000001E7AB610000-0x000001E7AB611000-memory.dmp

memory/3996-44-0x000001E7AB600000-0x000001E7AB601000-memory.dmp

memory/3996-46-0x000001E7AB610000-0x000001E7AB611000-memory.dmp

memory/3996-49-0x000001E7AB600000-0x000001E7AB601000-memory.dmp

memory/3996-52-0x000001E7AB540000-0x000001E7AB541000-memory.dmp

memory/3996-64-0x000001E7AB740000-0x000001E7AB741000-memory.dmp

memory/3996-66-0x000001E7AB750000-0x000001E7AB751000-memory.dmp

memory/3996-67-0x000001E7AB750000-0x000001E7AB751000-memory.dmp

memory/3996-68-0x000001E7AB860000-0x000001E7AB861000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:23

Platform

win10v2004-20230831-en

Max time kernel

107s

Max time network

90s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000002a57c20a100054656d7000003a0009000400efbe1f5755a02a57c60a2e000000a6e10100000001000000000000000000000000000000436d0f01540065006d007000000014000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000001f5755a01100557365727300640009000400efbe874f77481f57adad2e000000c70500000000010000000000000000003a00000000006be7e80055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000001f5756ad100041646d696e003c0009000400efbe1f5755a01f57adad2e00000087e101000000010000000000000000000000000000007e8eeb00410064006d0069006e00000014000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000001f57b4ad10004c6f63616c003c0009000400efbe1f5755a01f57b4ad2e000000a5e1010000000100000000000000000000000000000001891e014c006f00630061006c00000014000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\NodeSlot = "1" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000001f5755a012004170704461746100400009000400efbe1f5755a01f57adad2e00000092e10100000001000000000000000000000000000000b172d3004100700070004400610074006100000016000000 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A
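The "Modifies registry class" rows above are ShellBag writes: the BagMRU chain under the user's Classes hive records folders browsed in an Explorer-style view, and the Bags\1\ComDlg subkey (NodeSlot = 1 on the leaf) is the view state of the Windows common file dialog. They are a side effect of the panel GUI opening a file dialog, not persistence, but they are worth decoding because they say where the dialog ended up. The following is an added example, not part of the report and not the sandbox vendor's or the project's code: it parses the three shell item classes present in this table (root folder 0x1f, volume 0x2f, file entry 0x31 with its 0xbeef0004 extension block) and walks the chain to rebuild the path. The input values are copied verbatim from the table; the "This PC" CLSID mapping and the assumption that every node has one child (MRUListEx = 00000000ffffffff on every node here) are the only things brought in from outside the page.

```python
import struct
import uuid
from datetime import datetime

# BagMRU values copied from the table above, keyed by subkey path under
# ...\Shell\BagMRU. Every node's MRUListEx is 00000000ffffffff (one child,
# slot 0), so the chain is linear.
BAGMRU = {
    "0": "14001f50e04fd020ea3a6910a2d808002b30309d0000",
    "0\\0": "19002f433a5c000000000000000000000000000000000000000000",
    "0\\0\\0": "78003100000000001f5755a01100557365727300640009000400efbe874f77481f57adad2e000000c70500000000010000000000000000003a00000000006be7e80055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000",
    "0\\0\\0\\0": "50003100000000001f5756ad100041646d696e003c0009000400efbe1f5755a01f57adad2e00000087e101000000010000000000000000000000000000007e8eeb00410064006d0069006e00000014000000",
    "0\\0\\0\\0\\0": "56003100000000001f5755a012004170704461746100400009000400efbe1f5755a01f57adad2e00000092e10100000001000000000000000000000000000000b172d3004100700070004400610074006100000016000000",
    "0\\0\\0\\0\\0\\0": "50003100000000001f57b4ad10004c6f63616c003c0009000400efbe1f5755a01f57b4ad2e000000a5e1010000000100000000000000000000000000000001891e014c006f00630061006c00000014000000",
    "0\\0\\0\\0\\0\\0\\0": "4e003100000000002a57c20a100054656d7000003a0009000400efbe1f5755a02a57c60a2e000000a6e10100000001000000000000000000000000000000436d0f01540065006d007000000014000000",
}

# Root-folder CLSIDs worth naming; only the one seen in this report is listed.
ROOT_CLSIDS = {uuid.UUID("20d04fe0-3aea-1069-a2d8-08002b30309d"): "This PC"}


def fat_datetime(date, time):
    """Decode a FAT date+time pair (local time, 2-second resolution); None if unset/invalid."""
    if date == 0:
        return None
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:
        return None


def _utf16z(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the terminator)."""
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def _parse_file_entry(item):
    # cb(2) type(1) pad(1) size(4) mdate(2) mtime(2) attrs(2) short-name(ASCIIZ, padded to 16 bits)
    _size, mdate, mtime, attrs = struct.unpack_from("<IHHH", item, 4)
    end = item.index(b"\x00", 14)
    short = item[14:end].decode("ascii", "replace")
    off = end + 1
    off += off % 2
    rec = {"kind": "dir" if attrs & 0x10 else "file", "name": short, "short_name": short,
           "modified": fat_datetime(mdate, mtime), "localized": None}
    if off + 8 <= len(item) and struct.unpack_from("<I", item, off + 4)[0] == 0xBEEF0004:
        _ext_size, ver = struct.unpack_from("<HH", item, off)
        p = off + 8
        cdate, ctime, adate, atime, _ident = struct.unpack_from("<HHHHH", item, p)
        rec["created"], rec["accessed"] = fat_datetime(cdate, ctime), fat_datetime(adate, atime)
        p += 10
        if ver >= 7:
            p += 2 + 8 + 8          # unknown, MFT file reference, unknown
        long_size = 0
        if ver >= 3:
            long_size = struct.unpack_from("<H", item, p)[0]
            p += 2
        if ver >= 9:
            p += 4
        if ver >= 8:
            p += 4
        if ver >= 3:
            rec["name"], p = _utf16z(item, p)   # long (display) name
        if ver >= 7 and long_size > 0:
            rec["localized"], p = _utf16z(item, p)   # e.g. @shell32.dll,-21813 for "Users"
    return rec


def parse_shell_item(hexstr):
    data = bytes.fromhex(hexstr)
    cb = struct.unpack_from("<H", data, 0)[0]
    item, kind = data[:cb], data[2]
    if kind == 0x1F:                      # root folder: sort index + CLSID
        clsid = uuid.UUID(bytes_le=bytes(item[4:20]))
        return {"kind": "root", "name": ROOT_CLSIDS.get(clsid, "{%s}" % clsid)}
    if kind & 0x70 == 0x20:               # volume: ASCIIZ drive letter
        return {"kind": "volume", "name": item[3:].split(b"\x00", 1)[0].decode("ascii")}
    if kind & 0x70 == 0x30:               # file entry
        return _parse_file_entry(item)
    raise ValueError("unsupported shell item class 0x%02x" % kind)


def decode_bagmru_path(values, start="0"):
    """Follow child slot 0 from `start` and join the item names into a path."""
    names, key = [], start
    while key in values:
        item = parse_shell_item(values[key])
        if item["kind"] != "root":        # "This PC" is not a path component
            names.append(item["name"])
        key += "\\0"
    if not names:
        return ""
    return names[0].rstrip("\\") + "\\" + "\\".join(names[1:])


if __name__ == "__main__":
    for key, value in BAGMRU.items():
        it = parse_shell_item(value)
        print("%-16s %-6s %-8s modified=%s" % (key, it["kind"], it["name"], it.get("modified")))
    print("browsed path:", decode_bagmru_path(BAGMRU))
```

Two consistency checks fall out of the decode: the Temp entry's FAT modification time is 2023-09-10 01:22:04, inside this run's 01:19 submit / 01:23 report window, and the Users, Admin, AppData and Local entries carry 2023-08-31 timestamps matching the win10v2004-20230831-en image build.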

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
(28 identical hits, each with Process = C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe and no description, indicator or target recorded)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 125.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 138.121.18.2.in-addr.arpa udp

Files

memory/4140-0-0x00007FF8AFEC0000-0x00007FF8B0981000-memory.dmp

memory/4140-1-0x0000000000230000-0x00000000038CE000-memory.dmp

memory/4140-2-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-3-0x0000000003E70000-0x0000000003E71000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/4140-9-0x0000000005AB0000-0x0000000005AC2000-memory.dmp

memory/4140-10-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-11-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-12-0x00007FF8AFEC0000-0x00007FF8B0981000-memory.dmp

memory/4140-13-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-14-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-15-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-16-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-17-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-18-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-19-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-20-0x000000001E490000-0x000000001E4A0000-memory.dmp

memory/4140-21-0x00000000246D0000-0x00000000246E2000-memory.dmp

memory/4140-27-0x000000001E590000-0x000000001E59A000-memory.dmp

memory/4140-30-0x000000001E490000-0x000000001E4A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Usrs.p12

MD5 a8c14c0204e1da23da92b294f1544dcc
SHA1 ad1a58ba88d0c70ef2dfed5507abddb6498402ce
SHA256 99f819a393672435766e0d345180408592b114a62d5989b6066d1da686c10598
SHA512 6547854b22e4fc89582780e961adf694328040e636acff2b3d6c88fbd6bf551389b18914c8182d6c8ed7c92183e3b48cf6ac270c0305b3fa23c36ab23f64485f

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\user.config

MD5 4b01719ab493b81d429c574dbaca15ef
SHA1 719ef1e4e6616a3d8afce09de7f89ddcf186a3a3
SHA256 33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54
SHA512 4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\user.config

MD5 495d368baef768dd527dd8b772702c87
SHA1 20ceb83c7076024e0491f169173607aa4a2e3931
SHA256 38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf
SHA512 75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18

Analysis: behavioral7

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:22

Platform

win7-20230831-en

Max time kernel

23s

Max time network

18s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\59Zp7paEHDF7luJ.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\59Zp7paEHDF7luJ.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

119s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FBSyChwp.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FBSyChwp.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

120s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\PK0TcnqTGFagQTS.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\PK0TcnqTGFagQTS.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

122s

Max time network

132s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mML6WKMqdxjDGA.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mML6WKMqdxjDGA.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

122s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\fzAgyDYa.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\fzAgyDYa.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

150s

Max time network

170s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mGWHaG2Jn.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mGWHaG2Jn.dll,#1

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:22

Platform

win10v2004-20230831-en

Max time kernel

35s

Max time network

49s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.xml"

Signatures

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.xml"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 408 -p 4156 -ip 4156

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4156 -s 448

Network

Files

Analysis: behavioral5

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:22

Platform

win7-20230831-en

Max time kernel

38s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\0guo3zbo66fqoG.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\0guo3zbo66fqoG.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:22

Platform

win10v2004-20230831-en

Max time kernel

31s

Max time network

45s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\0guo3zbo66fqoG.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\0guo3zbo66fqoG.dll,#1

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

122s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\EVa7gBMKoaHmLC.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\EVa7gBMKoaHmLC.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

146s

Max time network

156s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\G3nl0mDcABnDuZ.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\G3nl0mDcABnDuZ.dll,#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

138s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CjETR6GpGXqM.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CjETR6GpGXqM.dll,#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

119s

Max time network

132s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\G3nl0mDcABnDuZ.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\G3nl0mDcABnDuZ.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

120s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\KNTmoSnG.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\KNTmoSnG.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

139s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\KNTmoSnG.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\KNTmoSnG.dll,#1

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

122s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\eMTYbTz0gueNs4.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\eMTYbTz0gueNs4.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

139s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mML6WKMqdxjDGA.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mML6WKMqdxjDGA.dll,#1

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

136s

Max time network

136s

Command Line

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.xml"

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1908 wrote to memory of 1216 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1216 wrote to memory of 2728 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 2644 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.xml"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab53BE.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar540F.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52a8f18b19e589a71f38958e83f4d668
SHA1 6ec3592609487ab39b819587c4dd6ac3aab1fe7a
SHA256 b9c2835757be53d0cedb9fa05d990d6d8d8291300c1fb51ab499c011f2456a96
SHA512 bc5db42097b01e76b1fbddd29f1c55e6bfc94833d54631b3b1ade5a9caba3cbfc9134327ef81699728ff63d18e095e377c70d8fc82945330d6c947e8c951196b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5754e5fa0b9138e57009d74e3c07a874
SHA1 14bd3feef3b33bea89d152c4afa2c7a216e687b2
SHA256 304de02e6eb7ca43cb73f01c6961bef957b6fedf40d9e7ec481b0db99c7dafd2
SHA512 1ffee922f94bc40c261679894be00fb2370c91e4559e130e1960d40df266e6be5676e7af4b170e743e63adc015be7f8bb7959d8bbb2f1d4fc3370b54ecc0edea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3759f88a15382304da1509cb942a4cc3
SHA1 0ed82a5b5e52654a6e4dffea78f2513f6f400994
SHA256 49e8f9ca4fd110f1d170bae69aaf07726716c3d93c26ca678b74122601f52f0d
SHA512 650377000f84eee5c266a70924d6c784eefa3a743bb6dc8e014334afc1a0b1be92fb8d5b2cbcf1ae2e386628e52319b9a90fdf507d6e9fbf1b6739b5eb29b58d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 029da8f245f8013197782ef060a5ee21
SHA1 7caf78543435fdd9baced1c8420b19ca285e4b7b
SHA256 ee39931f1956db6bf975d2bd5bd2dfca54cff3d0d0e23c03be69d365be7c4398
SHA512 b254ec876e46f9ef4059f9b0c07497cb761a009fedd331bf28d83d43d3a1aad0fdd9f6dc8c607833acbc721f14987c112512683c68e60e7239da43f1457c4699

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43bfa87ba59f089042b853d1e1260251
SHA1 3cbef96972bbf5e8aa5d1e1074de717a1eb66765
SHA256 e1ba919bd7fb21f936803b2efbe974097636c48d2326f5d05035bfe4ef2af351
SHA512 1cdc5324f87148b617cfc3410eb499b22b77cbc76633dad64cf39207083f2d3b9047bfa9cda4fdd7b999bf521300ce49e98c1c3360d0f1b64a4614a0b2da3cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f68e9c02b9291f6d2d5f8df1a09c2343
SHA1 2327f4a1e03fad8a05707ce6d13ccc1f391de906
SHA256 5ce9eae158a494775bbe39596ccadac1069a47d6e94176b75af21ef2ce3067e5
SHA512 807b16771dbbdcb89c306aa7edcbdc460d35e6aed28785e86c0b39ff7dd5fecd757174569b45c5b5269860c8d8fae77c9e7dabb92bb2b719ecebc9264d151687

Analysis: behavioral28

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

140s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\fzAgyDYa.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\fzAgyDYa.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

119s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mGWHaG2Jn.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\mGWHaG2Jn.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:23

Platform

win7-20230831-en

Max time kernel

41s

Max time network

20s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CjETR6GpGXqM.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CjETR6GpGXqM.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

141s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\EVa7gBMKoaHmLC.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\EVa7gBMKoaHmLC.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 114.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

138s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\PK0TcnqTGFagQTS.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\PK0TcnqTGFagQTS.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win10v2004-20230831-en

Max time kernel

133s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RssCnLKcGRxj.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RssCnLKcGRxj.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 125.132.60.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-09-10 01:19

Reported

2023-09-10 01:24

Platform

win7-20230831-en

Max time kernel

117s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\WkUP83aP9CABpi.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\WkUP83aP9CABpi.dll,#1

Network

N/A

Files

N/A