7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018

Analysis

max time kernel
11s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
Size

536KB
MD5

6c7520b4d54c43c3413f3d345438016c
SHA1

25ed57f64c95657be83dfe490479726f3a31eafe
SHA256

7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018
SHA512

e5f413da63dc5e32f617eb896b123d48c2e17f877c1dd362f782a73fa4d64e9c9e3bedc5b4007246bcfef326d8d4e7a1ef9e223a699ed533ddfff8462b9f05fb
SSDEEP

12288:ghf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:gdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1576-0-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx
behavioral1/memory/1576-44-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx
behavioral1/memory/1576-392-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx
behavioral1/memory/1576-672-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx
behavioral1/memory/1576-784-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx
behavioral1/memory/1576-798-0x0000000000AE0000-0x0000000000BE2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\1afb50	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
1372	Explorer.EXE
1372	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
Token: SeTcbPrivilege	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
Token: SeDebugPrivilege	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
Token: SeDebugPrivilege	1372	Explorer.EXE
Token: SeTcbPrivilege	1372	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1372	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe	13
PID 1576 wrote to memory of 1372	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe	13
PID 1576 wrote to memory of 1372	1576	7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1372
- C:\Users\Admin\AppData\Local\Temp\7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
  "C:\Users\Admin\AppData\Local\Temp\7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
33KB

MD5
c24b586e18daf2fdacfb091a68252921

SHA1
65b11ae6ece0652b2cb95f4fbe7aed3bdfbc7c7b

SHA256
70bc417ea2b10a1647e2386a5ebf06ad39bb75ccbb93f86453888b0c50840271

SHA512
44e680a49f0d960064faf89e65713d5199f228182bb69fcdbcac01ee93e9503ef7400508a1c021d706c78b5c6841aa5429e0f574449325ac598a93eabd523e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21630df8bfd95629853fe5a94d11d3af

SHA1
192c4edb622905a3a33ca276d985fd97edf34c8e

SHA256
81a650f4989d1288b0936975ae639c697ee410724a3893340f0638390cf53e08

SHA512
c79e3dff359ff11b0af6e88ed1f15a82794780017c2c44924d099e160b48842c82ca0293ed6faf0df0eeaaa7f544b0b1740d1536979d39019ce585b9f47b255c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe4183af9b42f6337c8accbd34234f57

SHA1
05d0d6230980fb7b3be0c634d480e7ff5c24b667

SHA256
9174a79bc347e153ca2e4d5756c83ea72cf3298e8cf70f9a58292e41308006d2

SHA512
3497f9ad8a6ef53d6ffa68bb49b44f566c889d42c3f5267b92015ba6ebbfa0df8d0ba326a0aaa7b535b35b5bad4fc52356168b31a577f86f6acc9d29fb0a5e6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dc539d7e1cbc2fe65aaf4aaa3bd8fd1

SHA1
2a6557f6400b7b47b801ad3ffa4f9f11b29b64c8

SHA256
c565d9c4e4e01de9eebcccd9c100ec107158c1baf88d818e118fc9798e8329b9

SHA512
33e8970fb60bafc593dc28c3fa3a0edfb2793f28067a9f3749abebb5f5bfcde1f14b57679cb4d31495bca02aa2a885e01b5de940aa0ebb1ef4aaa81824d6c742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b519dfceee7a08bab5cd9f0bc8da09b5

SHA1
6adfaf7281b95db0921c3117613c2a85d38e3176

SHA256
961f34e7d4822211cef4b1d435233c066b66e1b7c1fa2a818bb43ad3cf25c129

SHA512
4a958df61ce599ebbe752c66e578d6c51f40d579c1e74d17029e3e11150f05557b4db44b8744bdf68491126a88884b3d606bf4e85d81834389c2e9735ec2497f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2577c2c07097589f7c544081e90ac316

SHA1
2a9c863ac78284d0e7192bef47c2b59082bb5b2c

SHA256
5754620e0fbad1c165f49aa4deff44931e6ddc9c47ccd9da82870ace5179961c

SHA512
c87d61b11002185132aeec17f0d49239d7216938853ecd23a6dd28f8a8c4db8af0e080feff9dc65ac4cb801ecab4024620438932e11ccc09f536d78e9c9f1a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ba360d4dd6dbc42a4e58363b33b83ae

SHA1
d14628b4053f8bee39aeb7ac893cedb4ef79ef46

SHA256
11a6ff9b7a8f768cabd20fa5e35b85a841628d1f4be89b4b5735757a2d8bdb98

SHA512
b95b747fc6efeef480a57cc5e87160c10f123898f974d814ff0913039d17c42ecb9f3e376a0c7ce651a9ffa0dc06f5303189b07e5782ade4b4521ad9e07e98b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3987aeebbec8789c655327801cbcb24d

SHA1
057d64ea0005e61db277eae3ac4b735e6a892afe

SHA256
84b09301c298657271dc41996dcf36ac1b035e174528fd8999bef9429a69229a

SHA512
ec3a6556da6f837479b821d9bc628feba2b47ce2786c2f04647455feaaabc68edf3fa0d598618ab2d539fabbbed1999272d8248bc6aca46556255451e19205d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15cffb19100132d2492e2e8b54e8aa95

SHA1
cce65357a4c7e49e97bc920067213667c7bf4e1b

SHA256
76ce9d07c3f09a2fa28c5719149b1c165519e224082ae1f9fecd55f66a19a051

SHA512
4eef790b3c0e8a112d4b28c2d7d8b9b55d76e54b4adf4a1e38bfab358384cf55007a8ac7c86188ce56f3ee3d9c47ddc962ab9e17db9e1a176a414b7c8d71abb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14be1f30c8701521514db54232737499

SHA1
063fb122e31808dad16c1d97f5f10e4493dbdc2b

SHA256
5e442263ec2f66b23bef34d287e9084a135757df723efda93a1b77211b7417d8

SHA512
33cb0b626c40221d70e5d0e9b8a72eae88e2d51ca2773727911a83f22818d41e7425d557d3a42e059ed984de6bc9c3f6b7f7e28e596287d68e273104c60dc6a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f0e977a48080b88accba82727faffa1

SHA1
b8539cd02141b9e976d2a53d987940ec4ea1ea01

SHA256
b18e85e2d94aaad1378249301781a9b6b0e8a6c39dff2acb6b5de28e8cfe965a

SHA512
23b3edc25e3448ac995abadb5e4a74af212999ad1311231c9b3fba63f6e1a82179966ffba07ecb470b5d495ccc134337098071a0a5372d071b23a3c8a978e734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ef9ca3eec694755aa7f73049da26204

SHA1
9090b0d01786a980acdb0300c0bc3db3ad22a976

SHA256
668666711a5603272005f5ad4ab377b67160e896e7ae028c5fe7fce79b3314e6

SHA512
9af64966e23cb17d73d5cc8e7bd6db15dea1fee929971f6f07ae28ee137cc9c14e097072574eff069106cc4bfe9437ebd56186301ffc5c7b57d6f54a13dbff79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cb2ac5c075954a5519d4350d1331b755

SHA1
3293757b95ab5bc70c25767946332dc5c7395005

SHA256
bdbd3de4c9ff168f1d93c417494eb036988e2df9f3ad852f83a3a6f141f66404

SHA512
d728a94fa4562bb9d8205c47f127dd763dc3f6b5f2c7fc67e28da5ad2eb71138e6bbb08a7e30c18e047a143156c0557e5ebba5510d1659d81f925d902f26996a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4407.tmp

Filesize
2KB

MD5
401bb0fd74528a301af78caedd2cc67e

SHA1
6cc5c63bb7cdbe5d8b6d57c2a881f625cc8715d0

SHA256
99de07427e876b6d1bd892f27a0262a9bacd1eb56eb470733f7683af4a1a7672

SHA512
c9fd6010b34aad998290d1dbe26ba763ac22f27f333ec53f599b3a429265bc0432b3704df1531c91bdbfcb5fc6a681226cda0e2e87b926780fec42978c9da5a6

Download Submit
memory/1372-4-0x0000000003F70000-0x0000000003FE9000-memory.dmp

Filesize
484KB

Download
memory/1372-3-0x0000000002A20000-0x0000000002A23000-memory.dmp

Filesize
12KB

Download
memory/1372-7-0x0000000003F70000-0x0000000003FE9000-memory.dmp

Filesize
484KB

Download
memory/1372-6-0x0000000002A20000-0x0000000002A23000-memory.dmp

Filesize
12KB

Download
memory/1372-142-0x0000000003F70000-0x0000000003FE9000-memory.dmp

Filesize
484KB

Download
memory/1576-0-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download
memory/1576-392-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download
memory/1576-44-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download
memory/1576-672-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download
memory/1576-784-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download
memory/1576-798-0x0000000000AE0000-0x0000000000BE2000-memory.dmp

Filesize
1.0MB

Download