c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5

Analysis

max time kernel
45s
max time network
145s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe
Size

1.8MB
MD5

9b7fcc2fe0ee825f5f9036661fa978d3
SHA1

058273a23639df992a9a53c893eaf1da36f0235f
SHA256

c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5
SHA512

740e39a19c06bae7e58f530eb6b2aa8a1ce798965ccddaa568aea6bcb7282f793f8fe8cbeec4d21b627dc040c49c1c4276e512240c8b8e594cb8c1b6d4a1f8cf
SSDEEP

24576:kjSokU1riH2vjSow1nLJbKkKF/eMNPj9Fa/e+WL7B:kjSn6riH2vjStn19KFeM/Fa/e+WL7B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x0000000001270000-0x00000000012DE000-memory.dmp	upx
behavioral1/memory/2232-1-0x0000000001270000-0x00000000012DE000-memory.dmp	upx
behavioral1/memory/2232-225-0x0000000001270000-0x00000000012DE000-memory.dmp	upx
behavioral1/memory/2232-430-0x0000000001270000-0x00000000012DE000-memory.dmp	upx

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2232	c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe
2232	c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe
2232	c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe
Token: SeTcbPrivilege	2232	c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe

C:\Users\Admin\AppData\Local\Temp\c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe
"C:\Users\Admin\AppData\Local\Temp\c82966479581874224f12c43bf8774317ec319fa5b083ad2f7be78603bd3e4f5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
51KB

MD5
390f09e5f4e176dbc0d8c04b7c179a95

SHA1
26d4eae0220bc41d279fef73a23193653eb35c08

SHA256
d3625057ba09d164bcdb05e1997e9ae001e9855a08aedf0c7ffe08ba5534829d

SHA512
c88ba2b11993691924678a9224896dc3c72c82e7f4abdbcb8ca4c8cb32181f0fc9515adf470adca5b443dc64eef41156ca751dd405c6f922cfb3eb8bf036c135

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bda882c961b5337ba49db34aec3b72e9

SHA1
4b86cfc54f2df0344b79db672c08b53f896e1df5

SHA256
dbddf385b0908618a2233db9bd230bcb337e29828e481bf7170f7540b157500e

SHA512
7f558fb9a0d1a9f81ce26184a16ad8c19cd1ed983f18c41d032b664f2b3532db4dda58bd3d551f438843aef2c5e671277efb2e77919c3dd4388e10385ed43441

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD9A.tmp

Filesize
34KB

MD5
2e5f3ea1d6287ebcfb50d930d1b7b216

SHA1
0ece3af49370a90617838e9319636267cce5ab1d

SHA256
c4142a7d1770c575672bb66b93b4fe4451200bee92caa58b138e63c0f0cd647b

SHA512
430730e46fe8072a2b28f5fc9ec51898e2fd6cb3468743709d7e2488750e507184d6854fd1042b9f18f85fcdc5629564c657cc550f3209a768bddbdc9d6064b8

Download Submit
memory/2232-0-0x0000000001270000-0x00000000012DE000-memory.dmp

Filesize
440KB

Download
memory/2232-1-0x0000000001270000-0x00000000012DE000-memory.dmp

Filesize
440KB

Download
memory/2232-225-0x0000000001270000-0x00000000012DE000-memory.dmp

Filesize
440KB

Download
memory/2232-430-0x0000000001270000-0x00000000012DE000-memory.dmp

Filesize
440KB

Download