Malware Analysis Report

2024-10-19 06:53

Sample ID 231027-a16feaca52
Target Anarchy Panel.zip
SHA256 618e0733108dd574590292fd338753a566376406c3c061ee624e99adb335724a
Tags
rat asyncrat zgrat stormkitty stealerium
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1, behavioral2, behavioral3, behavioral5, behavioral25, behavioral6, behavioral9, behavioral18, behavioral19, behavioral27, behavioral4, behavioral11, behavioral13, behavioral20, behavioral21, behavioral31, behavioral15, behavioral26, behavioral30, behavioral32, behavioral17, behavioral29, behavioral8, behavioral14, behavioral22, behavioral23, behavioral24, behavioral28, behavioral7, behavioral12, behavioral16, behavioral10 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

618e0733108dd574590292fd338753a566376406c3c061ee624e99adb335724a

Threat Level: Known bad

The file Anarchy Panel.zip was found to be: Known bad.

Malicious Activity Summary

rat asyncrat zgrat stormkitty stealerium

Zgrat family

Stormkitty family

AsyncRat

StormKitty payload

Async RAT payload

ZGRat

Stealerium family

Asyncrat family

Detect ZGRat V1

.NET Reactor protector

Loads dropped DLL

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-27 00:42

Signatures

Async RAT payload

rat
Description Indicator Process Target
(20 matches recorded; description, indicator, process and target all N/A)

Asyncrat family

asyncrat

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Stealerium family

stealerium

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Zgrat family

zgrat

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
(21 matches recorded; description, indicator, process and target all N/A)

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231025-en

Max time kernel

118s

Max time network

123s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.zip"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

138s

Max time network

164s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.zip"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231020-en

Max time kernel

122s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe"

Signatures

AsyncRat

rat asyncrat

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe"

Network

N/A

Files

memory/852-0-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

memory/852-1-0x0000000000EE0000-0x000000000457E000-memory.dmp

memory/852-2-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-3-0x0000000000490000-0x0000000000491000-memory.dmp

\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/852-8-0x000000001EF50000-0x000000001F538000-memory.dmp

memory/852-9-0x000000001F760000-0x000000001FB20000-memory.dmp

memory/852-10-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-12-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-13-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-14-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-11-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

memory/852-15-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-16-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-17-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-18-0x000000001DF60000-0x000000001DFE0000-memory.dmp

memory/852-19-0x000000001DF60000-0x000000001DFE0000-memory.dmp
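
The dump names above encode the pid, a sequence number and the start and end address of each region the sandbox captured. Parsing them gives region sizes and how often each region was re-dumped, which is the quickest way to decide which dump to open in a .NET decompiler. The script below is an added example written for this page, not output of the sandbox; the input is the behavioral3 dump list copied verbatim, while the address split at 0x7FE00000000 and the 16 MiB threshold are the editor's assumptions. Nothing in the report itself states which region holds the unpacked payload.

```python
import re
from collections import defaultdict

# Dump names copied from the behavioral3 Files section (pid 852). The parser and the
# size/frequency summary are an added example, not sandbox output.
DUMP_NAMES = """
memory/852-0-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp
memory/852-1-0x0000000000EE0000-0x000000000457E000-memory.dmp
memory/852-2-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-3-0x0000000000490000-0x0000000000491000-memory.dmp
memory/852-8-0x000000001EF50000-0x000000001F538000-memory.dmp
memory/852-9-0x000000001F760000-0x000000001FB20000-memory.dmp
memory/852-10-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-12-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-13-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-14-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-11-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp
memory/852-15-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-16-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-17-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-18-0x000000001DF60000-0x000000001DFE0000-memory.dmp
memory/852-19-0x000000001DF60000-0x000000001DFE0000-memory.dmp
"""

# memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Assumption (editor's heuristic, not from the report): on 64-bit Windows 7 regions at or
# above this address are where system modules are mapped; the sample's own image and
# heaps sit far below it.
HIGH_MODULE_BASE = 0x7FE00000000
LARGE_REGION = 16 * 1024 * 1024   # assumption: a packed .NET image this size is worth a look first


def parse_dumps(text):
    """One record per dump name: pid, sequence number, start, end and size in bytes."""
    records = []
    for m in DUMP_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        records.append({"pid": int(m["pid"]), "seq": int(m["seq"]),
                        "start": start, "end": end, "size": end - start})
    return records


def classify(start, size):
    """Label a region by the heuristics above."""
    if start >= HIGH_MODULE_BASE:
        return "system-module-range"
    if size >= LARGE_REGION:
        return "large-private-region"
    return "small-region"


def summarize_regions(text):
    """Collapse repeated dumps of the same region and rank regions by size, largest first."""
    by_region = defaultdict(list)
    for r in parse_dumps(text):
        by_region[(r["pid"], r["start"], r["end"])].append(r["seq"])
    rows = []
    for (pid, start, end), seqs in by_region.items():
        rows.append({"pid": pid, "start": start, "end": end, "size": end - start,
                     "dump_count": len(seqs), "seqs": sorted(seqs),
                     "kind": classify(start, end - start)})
    rows.sort(key=lambda r: r["size"], reverse=True)
    return rows


def largest_low_region(text):
    """The biggest region outside the module range: the first dump to load into a decompiler."""
    low = [r for r in summarize_regions(text) if r["kind"] != "system-module-range"]
    return low[0] if low else None


def format_table(rows):
    lines = ["pid  start              end                size(MiB)  dumps  kind"]
    for r in rows:
        lines.append(f"{r['pid']:<4} 0x{r['start']:016X} 0x{r['end']:016X} "
                     f"{r['size'] / 2**20:9.2f}  {r['dump_count']:<5}  {r['kind']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_table(summarize_regions(DUMP_NAMES)))
```

For pid 852 the largest low region, 0x0000000000EE0000 to 0x000000000457E000, is about 54.6 MiB and was dumped once (seq 1); the 512 KiB region at 0x1DF60000 was dumped ten times (seq 2 and 10 to 19), which is what repeated re-dumping of a small scratch region looks like; the roughly 10 MiB region at 0x7FEF5B40000 sits in the high module range and was dumped twice (seq 0 and 11). Sequence numbers 4 to 7 are absent from the list, which matches the sqlite.interop.dll drop that sits between entries 3 and 8 in the report.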

Analysis: behavioral5

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

135s

Max time network

144s

Command Line

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
(All keys below are under \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer, abbreviated <IE>. Every write in this table comes from IEXPLORE.EXE itself during its first-run and session-recovery housekeeping; Anarchy Panel.exe does not run in this detonation, so the signature is a by-product of the sandbox opening the .xml through IE rather than an action of the sample.)
Key created | <IE>\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca41000000000200000000001066000000010000200000000e85490a65f3257597c6e9bd2cd2f8c58bbe9de6275110c859a2c9d919bddbc4000000000e800000000200002000000080a422e310d0c32247a3727ede37790712081b246d6cd26c1eb440f3deb4ce7a200000008032530665a2b84b957b72aad87ca5aa1683ea7a05f077491c9afdb3e53151a1400000004afe62ebe4efce606a3ddbbebb21118b5599ed104370ff40d239f1f8c99029878793e0cad81f7ab9d04891115ab31be7a6e8866e6b01f2fe9343c4d1f7884f82 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\Recovery\AdminActive\{04083D91-7462-11EE-90CD-CED6FD478C3D} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | <IE>\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\DomainSuggestion\NextUpdateDate = "404529350" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\LastProcessed = 408540d96e08da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2068 wrote to memory of 1752 (4 calls) | N/A | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1752 wrote to memory of 1892 (4 calls) | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2396 (4 calls) | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2
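
The WriteProcessMemory rows and the four command lines together fix the process tree of this detonation. The script below is an added example, not sandbox output: it embeds the twelve rows exactly as the sandbox emitted them (one per call) plus the command lines from the Processes section, collapses the rows into parent/child edges, renders the tree, and cross-checks the SCODEF:<pid> argument of the IE tab process against the edge that spawned it. Only the parsing and the helper names are the editor's; the input is the report's own data.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Rows of the "Suspicious use of WriteProcessMemory" signature for behavioral5, one per
# call as the sandbox emitted them, and the four command lines from its Processes section.
WPM_ROWS = r"""
PID 2068 wrote to memory of 1752 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2068 wrote to memory of 1752 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2068 wrote to memory of 1752 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2068 wrote to memory of 1752 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1752 wrote to memory of 1892 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 1892 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 1892 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 1892 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"""
COMMAND_LINES = r"""
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2
"""

# "PID <p> wrote to memory of <c> N/A <process image> <target image>"; the target always
# starts with "C:\", which is what separates the two space-containing paths.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) N/A (.+?) (C:\\.+)$")
SCODEF_RE = re.compile(r'"([^"]+)".*\bSCODEF:(\d+)')


def parse_edges(text):
    """Unique (parent pid, child pid) edges with a call count, plus the image path per pid."""
    counts, images = Counter(), {}
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            ppid, cpid = int(m[1]), int(m[2])
            counts[(ppid, cpid)] += 1
            images[ppid], images[cpid] = m[3], m[4]
    return counts, images


def build_tree(counts):
    """Roots are pids that never appear as a child; children maps parent pid to child pids."""
    children = defaultdict(list)
    for ppid, cpid in counts:
        children[ppid].append(cpid)
    child_pids = {c for _, c in counts}
    roots = sorted(p for p, _ in counts if p not in child_pids)
    return roots, children


def render_tree(text):
    """Indented 'pid image-name' lines, depth-first from each root."""
    counts, images = parse_edges(text)
    roots, children = build_tree(counts)
    lines = []

    def walk(pid, depth):
        lines.append("  " * depth + f"{pid} {ntpath.basename(images[pid])}")
        for c in sorted(children.get(pid, [])):
            walk(c, depth + 1)

    for r in roots:
        walk(r, 0)
    return "\n".join(lines)


def longest_chain(text):
    """The deepest parent-to-child path as a list of pids."""
    counts, _ = parse_edges(text)
    roots, children = build_tree(counts)
    best = []

    def walk(pid, path):
        nonlocal best
        path = path + [pid]
        if len(path) > len(best):
            best = path
        for c in children.get(pid, []):
            walk(c, path)

    for r in roots:
        walk(r, [])
    return best


def scodef_check(cmdlines, text):
    """IE tab processes carry SCODEF:<pid of the frame process that launched them>. Return the
    (frame pid, tab pid) pairs where that frame pid also wrote into a child with the tab's image."""
    counts, images = parse_edges(text)
    confirmed = []
    for line in cmdlines.strip().splitlines():
        m = SCODEF_RE.match(line.strip())
        if not m:
            continue
        image, frame = m[1], int(m[2])
        for ppid, cpid in counts:
            if ppid == frame and images[cpid].lower() == image.lower():
                confirmed.append((frame, cpid))
    return confirmed


if __name__ == "__main__":
    print(render_tree(WPM_ROWS))
    print("SCODEF confirmed:", scodef_check(COMMAND_LINES, WPM_ROWS))
```

The result is MSOXMLED.EXE (2068) spawning the 32-bit iexplore.exe frame (1752), which spawns the 64-bit IEXPLORE.EXE (1892), which spawns the 32-bit IEXPLORE.EXE tab process (2396); the tab's SCODEF:1892 names exactly the pid that wrote into it. Each edge is a parent writing into a child it had just started, and the SCODEF/CREDAT command line is how IE launches tab processes, so this signature is consistent with the sandbox opening Anarchy Panel.exe.xml through the Office XML handler and IE, not with injection by the sample.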

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabFE1F.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarFE81.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ce87a9a62808859fbb7b6959ec91287
SHA1 02efc8b646c6cb0b37b62cfaf8747ca4f43bcbce
SHA256 67ab113ec7eca16227f1124213d2de590ac65ddcadd775e3e8e277d9f9202bb8
SHA512 e86cd52363a8c8ee0d57906c41b98be379058cbfc15ef2f8d2471ebc12d1d85b22ecc232f6bdf81e0e4e19f0d091bbd4ac1cfbafef5d4c5ad922e3b4c15ab08d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e89c0d9cd3d49e67625f1d738308f6cf
SHA1 1a61699dfd588ef4c10f8da583c373aca0c16e3b
SHA256 be8ed8ef49156581fd9bd2637541d31cc6e71b968acf5e6205acf0186e2a4cd8
SHA512 048bdc0110732281559f8314b359f793764c6604f73033a28560a5a4cf171db872cc85d5dda4c808e4f312b94e9c5745260db50e807c5f1b5d8d696862a34f5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b353a5a06af9026634e57cb8d4bf43
SHA1 8dbe59a052323f56bc4f97ceafb6e0f659a46b1c
SHA256 2c932f39fb079fcdb85e9d1d6cd2a80e32641f8a0042f3c8a25405eee1585790
SHA512 ddff6b13996180a501d7883a12a36bd6bb44c28091b62f2791c50eaedb1e0efa27f4e912fe98bd0adec8ba4330a04a0fb1286e6cbcf052e5ed49ec564f61d902

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72e102b597d3e9df3dd2a0c4cf60fa96
SHA1 29f28b9888bb8f1e869a163e058d1d3a50dec372
SHA256 eb1ee272289cb7628452efd655e1942f7e12ebf2ed5155555ce837ded0560c9b
SHA512 550db2711b7d109de208ceab41924310f24aedd44d57a3bb77bfc2637d5d4071f987a7973092b9b2595776839e60469817ecb03b64f4260f1f683a2eef56946e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 133dc0e0f745f161fccaa233ff4a2b0f
SHA1 c1c2e974c4178522151de6dae2dd5c879f7f7eb8
SHA256 507023a44909a3f58078d9e7d197c7aad78693c6162cb326c695d2471b10fcdb
SHA512 5e62ffd4170274d4364329a1201d96374b34ac83838e6a080023d876f65b44717fbef604b1422074d77f387b1bb35f785376ef3f483b00f587f8fe91135cac87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a9be1d4f6b67e5ec593e788e1a543ad
SHA1 13804b12396889a964ad978fcf281c102fe09cd0
SHA256 f44500929c86163d07cf77bfdb1aa58d476ea6bc8676dfe640db7da815a1aaae
SHA512 eaf073b4afae17b14a48d6d3558bad2eecb294b6904b743e8df85a1913c02de349f2af1f4284fe991c8dee7f42bc5129b203033b1e2af3caa5efae649b674e17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654a79e579b7f6c989eca33dcb8e87ee
SHA1 3e7afa271d66af495eb98fb00ae006dcba89d501
SHA256 3dbf920374e6f3ae3466681ed96da157ab0a22fd92bd69bac1203dc2f9db2035
SHA512 0c093d61f0e71c2487f71f8f211ca10af17b19b4b3157143955ac2796c9e1f36fe6577f9d16e232c8bab068881c751699655bb86f1275f7e40c860b3d3b30e01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a0c1385fbb70c10e70d8997168cc97d
SHA1 7deef75792e35ca0c808cd830226fd3d4d3f38bb
SHA256 ef1e651d822f0cd784d536c22ea328e743f242b0492d367ec0e48659722f5d23
SHA512 bdf22c2e1b1134d6b39ac7a733bf50520d29f501b75346a14a51552477b17c5c44e7d9f53cbcb54781bdde487a83890a98ab68e2e77d6b70f6f9b01f45efd1b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b97ca5b1070fa7c466024e1ffcae4697
SHA1 a88d02a3e965628cf68de3622de72b9fc91cf9cb
SHA256 1ad2fa1ad4890142c632c46a6b811c7e792989b3c0b470ae0d472f6d50019daf
SHA512 93317441ead534810cc64180221587c18b9b5b4443a5fcfedb099ffaeeac9bba28528525e9cf9307b20ff7141632ab0ff49f47c1793e00ce335ae693d09096a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08c98a369171326d1ce891774f14a7b4
SHA1 1db762fb07e7c87d56d29ef22df4b346a5c65694
SHA256 988cc97a07d6c5be6e913541f2a5157033ab5990192fdb31a1aeeeb03775341c
SHA512 3c398f2916d1a610c543384174d0f6c93d878e855b7adfa3b77cfcde0a0142bd6496f45bdee3e6dd367fe9f7df9c80a89385c595589cc24f4280c7bc473a8c3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a3cb45baf2f450d88835f41bd644e39
SHA1 4704fee50b168f6c2e8cb7d0c0a5e0854f9d15d3
SHA256 7509f37308ad92eb170a547b8ab9c50d8d195eb806de30e02d7cd37df80e2e3a
SHA512 8ac50dc2c11633141a4aa2a4442d5a127015de3df5635b096d87a54367a103695d4c18e2521a2c53175750fd76e84c832331fbade441f033b798eaecd992a330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15549967e167339b49c7986c912d80a2
SHA1 b892e475f10ac44624971b3663c6f88c9a4542e7
SHA256 96d0e1bc871cf9dfeca29b38bfe67f1949baf32f6dcd16b32b690c3a2c6a3630
SHA512 6d1bb25f213faff75a54316047f03905d7cabcb9ebaac152960696b362c74029b350f78f3a5fbb5bff3c1922fbc91a246f4c9e49c2e807b180318521bc093757

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 667346187c4df0da64d98df3f97f2172
SHA1 3390977193fd43790520412544ae98c5b55b3b25
SHA256 994411dd902496de6da5eaf81a969b283dbc3f6f326c3b2cb16f3d14218ca48a
SHA512 9b32d012a8205bcf9df6c717f4c00c571c35d61790a622f0baccee137d5c3e62a2411fe49ea24a29587ae48137fd57f5551fdde3fa9b48a4110740780d80aefb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b28813723897d953ff75d46446e10137
SHA1 c5bdfdf7e0e15e3a36d2e993b89e133ad36b30b8
SHA256 ee9617d605b63b949f43c38eb2b9d7163478b0826c52a31df8e9bc77caa4b3a4
SHA512 2279c6537818c7b625e478c41e8e35cd788d95b06324aebeb2e955218814f9caa53f77d944c9c608f4df0b1965e5a95d2286122f224326232d9ec374b2381d00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 779c17fc5164b730116af9fb905baebd
SHA1 1c1ed38c5654a7adcee6b96ad045f25c4764809c
SHA256 6b201e824146b0d42df76e2ef6d08f88bc460968b6d37a005ea9067d1e9af6ad
SHA512 025a29f2c6fa9b2196c51002e31e5909a7f94e594295c8140a975dbb4e641cc2ab9d861b4557a6d9d07d111a50cc3a2355d50a0b665bbba55e45275d9e7eb71d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4cdfbdcbc88b3fc9489d1c737a652e4
SHA1 ae6958322c71b87ba7e30814f3ee671b800b853d
SHA256 d038e8ba34d1de76335cdc5d7e1b28f09dc797fbc5ad12e546001faffa97ca9d
SHA512 41f648252faae23827e57b2f26acb02a070e736a62ea1df863ffc372d8ec1d26b04fab44d3efe94e868921b1c4c51cd18058d5d25ac2d446c564669482def2f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cc0324fff9e1887ce5989ad7b52f776
SHA1 313e1f73fea80aabb52b5ac13d4ea74f975f760f
SHA256 f08e6de3dc5bfc02d005bea98cf497df29fd522d801486501856d5e0b7223e60
SHA512 51716b29c2eeaf7e416098d1605c92d30ae010e83658f7a76a30c8f798cf5d574f7511baa350dd90af1f888eaf1a81dda0c09751a22f16dd2a13c74dcc462c7d
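
Pulling indicators out of a report like this one means separating the sample's own artefacts from what Windows and Internet Explorer write on any run. The extractor below is an added example for this page (not part of the report or of the sandbox): it reads the report's own text layout for file-hash blocks and network rows, keys files by SHA256 rather than by path (the sqlite.interop.dll is listed under both \Users\... and C:\Users\... in behavioral3 and behavioral4), and drops the reverse-DNS lookups sent to 8.8.8.8 together with the certificate and CRL cache files. The classification rules are the editor's assumptions, not sandbox verdicts; the embedded excerpt is copied verbatim from the behavioral2, behavioral3, behavioral4 and behavioral5 sections.

```python
import re

# Verbatim excerpt of the report's Network and Files sections (behavioral2/3/4/5).
# The parsing and the classification rules are an added example, not sandbox output.
REPORT_EXCERPT = r"""
Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

C:\Users\Admin\AppData\Local\Temp\CabFE1F.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ce87a9a62808859fbb7b6959ec91287
SHA1 02efc8b646c6cb0b37b62cfaf8747ca4f43bcbce
SHA256 67ab113ec7eca16227f1124213d2de590ac65ddcadd775e3e8e277d9f9202bb8
SHA512 e86cd52363a8c8ee0d57906c41b98be379058cbfc15ef2f8d2471ebc12d1d85b22ecc232f6bdf81e0e4e19f0d091bbd4ac1cfbafef5d4c5ad922e3b4c15ab08d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e89c0d9cd3d49e67625f1d738308f6cf
SHA1 1a61699dfd588ef4c10f8da583c373aca0c16e3b
SHA256 be8ed8ef49156581fd9bd2637541d31cc6e71b968acf5e6205acf0186e2a4cd8
SHA512 048bdc0110732281559f8314b359f793764c6604f73033a28560a5a4cf171db872cc85d5dda4c808e4f312b94e9c5745260db50e807c5f1b5d8d696862a34f5b
"""

# A file block is a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines.
FILE_BLOCK_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?\\\S[^\n]*)\n\s*\n"
    r"MD5 (?P<md5>[0-9a-f]{32})\nSHA1 (?P<sha1>[0-9a-f]{40})\n"
    r"SHA256 (?P<sha256>[0-9a-f]{64})\nSHA512 (?P<sha512>[0-9a-f]{128})", re.M)
NET_ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<dst>\S+):(?P<port>\d+) (?P<domain>\S+) (?P<proto>tcp|udp)$", re.M)


def classify_path(path):
    """Editor's rules: Windows/IE certificate housekeeping vs. Costura-extracted dependency vs. other drop."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "\\cryptneturlcache\\" in p or re.fullmatch(r"(cab|tar)[0-9a-f]{4}\.tmp", name):
        return "os-cache-noise"   # crypt32 cert/CRL cache written while IE runs, not by the sample
    if "\\temp\\costura\\" in p:
        return "costura-extracted-dependency"   # Costura.Fody unpacks embedded DLLs under %TEMP%\Costura\<hash>\
    return "dropped-file"


def extract_files(text):
    """Unique files keyed by SHA256; the same file under two path spellings collapses to one entry."""
    files = {}
    for m in FILE_BLOCK_RE.finditer(text):
        entry = files.setdefault(m["sha256"], {"md5": m["md5"], "sha1": m["sha1"],
                                               "paths": set(), "kind": classify_path(m["path"])})
        entry["paths"].add(m["path"])
    return files


def hunting_hashes(text):
    """SHA256s worth pivoting on: everything that is not OS/IE housekeeping."""
    return [h for h, e in extract_files(text).items() if e["kind"] != "os-cache-noise"]


def extract_network(text):
    """Unique (destination, port, domain, proto) tuples in first-seen order."""
    seen = []
    for m in NET_ROW_RE.finditer(text):
        row = (m["dst"], int(m["port"]), m["domain"], m["proto"])
        if row not in seen:
            seen.append(row)
    return seen


def is_noise(row):
    """Reverse lookups (in-addr.arpa) sent to 8.8.8.8 come from the guest OS, not from the sample."""
    dst, port, domain, _ = row
    return dst == "8.8.8.8" and port == 53 and domain.endswith(".in-addr.arpa")


def real_connections(text):
    return [r for r in extract_network(text) if not is_noise(r)]
```

On this excerpt the only hash that survives the filter is the sqlite.interop.dll, and even that is a bundled SQLite native library rather than something unique to this sample: it is useful for hunting the Costura packaging pattern, not as a sample identifier. The only non-noise connection is ieonline.microsoft.com, which IE contacts on its own; the report shows no command-and-control traffic from Anarchy Panel.exe in any of these detonations.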

Analysis: behavioral25

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

122s

Max time network

130s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\WkUP83aP9CABpi.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\WkUP83aP9CABpi.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231023-en

Max time kernel

129s

Max time network

164s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe.xml"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 254.3.248.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp

Files

memory/1464-0-0x00007FFB26090000-0x00007FFB260A0000-memory.dmp

memory/1464-1-0x00007FFB66010000-0x00007FFB66205000-memory.dmp

memory/1464-2-0x00007FFB66010000-0x00007FFB66205000-memory.dmp

memory/1464-3-0x00007FFB63D90000-0x00007FFB64059000-memory.dmp

memory/1464-4-0x00007FFB26090000-0x00007FFB260A0000-memory.dmp

memory/1464-5-0x00007FFB66010000-0x00007FFB66205000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231020-en

Max time kernel

121s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\59Zp7paEHDF7luJ.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\59Zp7paEHDF7luJ.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

133s

Max time network

170s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\G3nl0mDcABnDuZ.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\G3nl0mDcABnDuZ.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231025-en

Max time kernel

119s

Max time network

126s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\KNTmoSnG.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\KNTmoSnG.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231020-en

Max time kernel

120s

Max time network

145s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\eMTYbTz0gueNs4.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\eMTYbTz0gueNs4.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231025-en

Max time kernel

125s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe"

Signatures

AsyncRat

rat asyncrat

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

Async RAT payload

rat

Description Indicator Process Target
N/A N/A N/A N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe

"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Anarchy Panel.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp

Files

memory/2604-0-0x00007FFF78BA0000-0x00007FFF79661000-memory.dmp

memory/2604-1-0x0000000000AE0000-0x000000000417E000-memory.dmp

memory/2604-2-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-3-0x0000000004910000-0x0000000004911000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/2604-9-0x0000000004980000-0x0000000004992000-memory.dmp

memory/2604-10-0x0000000020090000-0x0000000020678000-memory.dmp

memory/2604-11-0x0000000020680000-0x0000000020A40000-memory.dmp

memory/2604-12-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-13-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-14-0x00007FFF78BA0000-0x00007FFF79661000-memory.dmp

memory/2604-15-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-16-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-17-0x000000001EE20000-0x000000001EE30000-memory.dmp

memory/2604-18-0x000000001EE20000-0x000000001EE30000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231020-en

Max time kernel

121s

Max time network

144s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\CjETR6GpGXqM.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\CjETR6GpGXqM.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

117s

Max time network

127s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\EVa7gBMKoaHmLC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\EVa7gBMKoaHmLC.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

128s

Max time network

160s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\KNTmoSnG.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\KNTmoSnG.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 121.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

120s

Max time network

131s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\PK0TcnqTGFagQTS.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\PK0TcnqTGFagQTS.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

117s

Max time network

125s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\mGWHaG2Jn.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\mGWHaG2Jn.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:48

Platform

win7-20231023-en

Max time kernel

142s

Max time network

166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\FBSyChwp.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\FBSyChwp.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

128s

Max time network

168s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\WkUP83aP9CABpi.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\WkUP83aP9CABpi.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231023-en

Max time kernel

127s

Max time network

163s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\fzAgyDYa.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\fzAgyDYa.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 27.239.32.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:49

Platform

win10v2004-20231023-en

Max time kernel

125s

Max time network

271s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\mGWHaG2Jn.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\mGWHaG2Jn.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

121s

Max time network

127s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\G3nl0mDcABnDuZ.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\G3nl0mDcABnDuZ.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win7-20231023-en

Max time kernel

120s

Max time network

131s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\fzAgyDYa.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\fzAgyDYa.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231023-en

Max time kernel

151s

Max time network

160s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\0guo3zbo66fqoG.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\0guo3zbo66fqoG.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231023-en

Max time kernel

125s

Max time network

166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\EVa7gBMKoaHmLC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\EVa7gBMKoaHmLC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231023-en

Max time kernel

125s

Max time network

166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\PK0TcnqTGFagQTS.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\PK0TcnqTGFagQTS.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 254.210.247.8.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:48

Platform

win7-20231023-en

Max time kernel

117s

Max time network

142s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\RssCnLKcGRxj.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\RssCnLKcGRxj.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

133s

Max time network

168s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\RssCnLKcGRxj.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\RssCnLKcGRxj.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231025-en

Max time kernel

137s

Max time network

159s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\eMTYbTz0gueNs4.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\eMTYbTz0gueNs4.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:48

Platform

win7-20231023-en

Max time kernel

82s

Max time network

26s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\0guo3zbo66fqoG.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\0guo3zbo66fqoG.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231025-en

Max time kernel

139s

Max time network

159s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\CjETR6GpGXqM.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\CjETR6GpGXqM.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

119s

Max time network

165s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\FBSyChwp.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\FBSyChwp.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-27 00:41

Reported

2023-10-27 00:47

Platform

win10v2004-20231020-en

Max time kernel

114s

Max time network

160s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\59Zp7paEHDF7luJ.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel\Plugins\59Zp7paEHDF7luJ.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp

Files

N/A