Analysis

  • max time kernel
    135s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-10-2023 00:41

General

  • Target

    Anarchy Panel/Anarchy Panel.exe.xml

  • Size

    3KB

  • MD5

    3d441f780367944d267e359e4786facd

  • SHA1

    d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

  • SHA256

    49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

  • SHA512

    5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (depth 1)
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (depth 2)
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (depth 3)
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1892
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 4)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2396

Network

MITRE ATT&CK Enterprise v15

Downloads
