038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89

Analysis

max time kernel
60s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
Size

536KB
MD5

39bf0ab50c09a22792cecb6fe5c1b3d2
SHA1

8ddd89d0f8791f71f1904d6dac82e803059c230c
SHA256

038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89
SHA512

3ebc2631e16e804eef7a0845019226cce12704e6999837d7e20801933718cd2af482bc1ce4c84c8b00f9c5770d6880ece52b023e34a5988d4ef018ffded04015
SSDEEP

12288:Vhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:VdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-2-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/2416-17-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/2416-449-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/2416-593-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/2416-777-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/2416-791-0x0000000000A00000-0x0000000000B02000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\295ce0	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
Token: SeTcbPrivilege	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
Token: SeDebugPrivilege	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
Token: SeDebugPrivilege	1340	Explorer.EXE
Token: SeTcbPrivilege	1340	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1340	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe	6
PID 2416 wrote to memory of 1340	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe	6
PID 2416 wrote to memory of 1340	2416	038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe	6

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1340
- C:\Users\Admin\AppData\Local\Temp\038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe
  "C:\Users\Admin\AppData\Local\Temp\038fdbfb7f46fed85b05571310c376a24ff3efb1ad80ba1625d9e4d636539f89.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f375b7c4059d82f85abc1363eb5ddec

SHA1
ea1a12e0c2ad99462cf5407b1a4e55e1bfd7a14b

SHA256
4a7f2c1b0b77cad3d5ba3bf88e8ff669a5cf262fa17d9bbd4dbede1df32133f6

SHA512
c3860351339e8286e44f5f855ecdfe5e9884f06bd211b8bc1565d1471dccda0dcb9ffb1a8bed415a96922a68d6840cf6d07ec9ec04f432d6626840b5dfd4d374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23e6b7f4a4cbb1e65798fec975f1cd50

SHA1
29197b44d28fa386687d0b5f38471a241b44a543

SHA256
465a2f28ef941ea0897e3be660e283eaf3d6bfc6d41a809f963205512c95f914

SHA512
748b7cc0b6ad62a7fd0dcbdb5d0ddc3d01c7fbbfac634f89c11c6b3b26cd73cb9bf1d85dc94cb51a20adc08335452d7a49c91e6eb61bef4a10a690b5a012885f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a22aa379e4aef98ff079972e8ea2794

SHA1
ec926e99770a8a50efe431fd851d7068ad173425

SHA256
9df42cd801e6a9a2193040a538a973b55dad3070668b038e1df7cb44e6625dc9

SHA512
89376c466e0908bd8f825e988177f6aa97a38e09de48e3422103c763160a6a644b8c863277f03cc4308b3ff3356f14bd56a5f13760e28bb2989d1d38033f4e69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e784a78dc964e7134be78c1bd83666c7

SHA1
5860a213a5fd08314cc76b277dfeaddf504cfda3

SHA256
b7dd01e9b2e3b5a6f85c85584b934e1cb231d126fa1f2957d3e2ac75f7527fc9

SHA512
cabb3872db5e1a0c977a30cf6c3e9e5ee798cc3ec7936648b98e9fe9fd0a6081daf4d55bdbb9bc1fa997649ddd9d2ec07116a71e8a20efa9ae185acb6637c8c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
318ed77d9bbe4f20d0f9e761fe5869bc

SHA1
3127a8fe9810798f23b8d37249dc2f95fa2928f2

SHA256
e4cb11d09c2f3087998e94e63efee2fffe32b374b1b7ad8618b27cd00b5a99ea

SHA512
577345fc2d5b33d6f31a8c0eb996a20dec28d75d5c100b486df7069d5e0226b796ababc26a7a70c50707d2fd2447f68f935051efddd1561235ac35b7e9538424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1488daf4d3811b3a4b08fda12f02a7b

SHA1
d0d9f8dd1067377887791411f9f2e33cd176387e

SHA256
e350ea938f8b61a996c470a73cf49208328658f87ba686766b796df2d9a0ab6b

SHA512
56e5cb516c3d61e5f7cb86f563727c929ee440eab31a66f22b99fc4a6c1b87ee03af136e86560b4fdda78c35fbda43c5f1986085f05e3cf6e34f665d830595f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df62876af46f371e114f25317266f19c

SHA1
ccc070e8ba4dcf093cdf6941a5319796332f7085

SHA256
eabe0797caaf908370bc5bbf363b09165d65bea21f29c3b5cee3ecbe02764a39

SHA512
87f4d685fff22f42378065541117fd83a6d387ac9583f2cc0fa5132322f7860c448d2772158944858b30ab90f39000f209221a08e6b5501c771fbe71e696c23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96bf81f45495896d59dbb996c55e30ac

SHA1
652b608e89b544300e96f908075fbbc8932c5d9f

SHA256
4499a513446649998d5ada5c7800aa819352046e8c13e7decc8a2ffd1f2f0ca6

SHA512
7a96dd10f476633404aed682ee46c980f25aff9256128fa8e7cc958174758c75645e9ec205c7a41667ed7b00b53f022d8760da09196671154bdbd06c409dcd32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b5e78e5c3243e4433e38afc281d22824

SHA1
47ee04acda0cd8c1102af1f1567fd82f48a8e86b

SHA256
d6bb6e0643ebdde5757f91652cedbdf49c68db9a20b68d65108ab4aa6b001976

SHA512
e98d8ba3f6ae2584b143c65ccb813f856323011aa42882e0d750b1f2a60a92fe74491dcad14d434686ee0657aff5dff3a656bdf2bd8573c34ad99a533e14af20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar55C3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1340-93-0x0000000003ED0000-0x0000000003F49000-memory.dmp

Filesize
484KB

Download
memory/1340-3-0x00000000032A0000-0x00000000032A3000-memory.dmp

Filesize
12KB

Download
memory/1340-4-0x0000000003ED0000-0x0000000003F49000-memory.dmp

Filesize
484KB

Download
memory/1340-5-0x00000000032A0000-0x00000000032A3000-memory.dmp

Filesize
12KB

Download
memory/1340-6-0x0000000003ED0000-0x0000000003F49000-memory.dmp

Filesize
484KB

Download
memory/2416-2-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download
memory/2416-17-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download
memory/2416-449-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download
memory/2416-593-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download
memory/2416-777-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download
memory/2416-791-0x0000000000A00000-0x0000000000B02000-memory.dmp

Filesize
1.0MB

Download