cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c

Analysis

max time kernel
150s
max time network
174s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
Size

536KB
MD5

8d8480a26de222eaad29882ed688f472
SHA1

e385ebed402c5fdc8a797354a2f5c51f9487c1a8
SHA256

cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c
SHA512

1ef275cc2f9e2e651e1792b57c332c86c6bbef3cc33f7ea8f4d2d55eeafd49c4fbf1a29b7db20ad434bc5ef3174d517dbd8611841c210a82951a805d13551adf
SSDEEP

12288:Hhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:HdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-0-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-78-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-433-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-543-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-652-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-691-0x0000000000110000-0x0000000000212000-memory.dmp	upx
behavioral1/memory/1724-705-0x0000000000110000-0x0000000000212000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\1d83f8	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
1384	Explorer.EXE
1384	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
Token: SeTcbPrivilege	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
Token: SeDebugPrivilege	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
Token: SeDebugPrivilege	1384	Explorer.EXE
Token: SeTcbPrivilege	1384	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1384	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe	21
PID 1724 wrote to memory of 1384	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe	21
PID 1724 wrote to memory of 1384	1724	cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1384
- C:\Users\Admin\AppData\Local\Temp\cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe
  "C:\Users\Admin\AppData\Local\Temp\cd362194b28b1129438f775345081e48437371d97133a4050ffc86338abdf87c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd1f76b4d9c44844bff34c18cc242a33

SHA1
3ed0a3ebc847b1b31711e056b4747ad1d158761c

SHA256
e982d63f8fad2f9dcf40acc5707f11ec26318b2cfb8894e5c1d1a4098845017e

SHA512
8d58dc7eed01b5a0eb6849c896f1af276ca94973a2ff7c77f72aa7ec9382aaf56adb5cd84457e7e7dd229bfee1fc3419d90e287f0d7df524087060ebdf08788b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd40a3cf3cbbf1903331e7a7f1e04f6c

SHA1
1c426ac809e7517285c5e9bc4ca3b499f8d95d35

SHA256
9b67a622f9368408f9f636b96822ae2bfdc036e30fa59dafdd85b19666e830f2

SHA512
1f32e0962e32c9cee5b1eeb1e82d918bd3d732887975acfb476c353bff76a88a785bf9a166e3da243c55e1dc9f91320ddebc3838bed2d31c3aa728c7cb08ce28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d7b8cd2b5624ad97ac8efa7de859303

SHA1
1e9573d2db6c12cd50a3dc7f9b03d5e76d56faee

SHA256
86e5d970c78b4570e284c186db8bb77cb4ea7201892ff2a751b0dd57634aa4f2

SHA512
120798a315436f8e7687a325028bbd9fc73f794b93febfb1290959c9c3433dedfade3c223f8026f3f9013aa8673acc25faedce0436e4743712c4ab445ebfecdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b02708d47cf4481f73766ca02ced5f1

SHA1
07585c2e8724f5352847f3028332dd4db0dfe18c

SHA256
b63b30db0811dd7c3507294898283dd8901b46eefe99057d546d341be8b2631c

SHA512
427bb7c8e928e1fe2c3e645ca0a6620e7d52cba34c764e1e9ddf3ed844dbed28b1ed105e9a00c2b55491c8d08a7c5e1cba1fb796679bc9893ecf00817e560b3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dab16d2a0fa6e1b03024fd8750004d2

SHA1
9b91cdfedcca55ce7219527aa8bd21370b7c71f5

SHA256
8b0ce54b3a51a9ae74701740dcdf219c2f232b5abc2731687aa93eb6d12ffe09

SHA512
d9afa0b5adf1c80d89263726abb05b4f8a8fdb9987723c7c83b7d3e158255ad5bf32af4a0451c7a93927f0429045414c93912659ab85554f4460acff7734c326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebcbadb465e376da22edb8e3fb7af277

SHA1
638d1e547a770a3c461ab3c41ecc1a586d098222

SHA256
d37c54c81acbc4a84180a119b12761866200616ce1fcbf644cfd8749bfc4175b

SHA512
8e1f401101634fda14cf4fc6774646a38902d55d4bc83ede6768bc3d75b557a96217a02e25ef6acc9aa0b4d01ffdb17cbda0ef08cf9fbdd53071040651d84526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ae1f3ef400e3af5f03307735d7dadce

SHA1
e0a5d383ffffbe3a1df8a77a47da390b902911e4

SHA256
ab2d9ac8afc3f09fe78e8f4591d1c0eddec857d8da28767810b55b83d8f87022

SHA512
bdb40dcaf85d9d055b0aa0bab51d186f7d76e816c3f8fbc4147457ebd22549395b935fd01a6daa58823a69d6b91f1759b4218fed62dfe1f38d83e39982b1452e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB1F3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB215.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1384-3-0x0000000002620000-0x0000000002623000-memory.dmp

Filesize
12KB

Download
memory/1384-4-0x0000000002620000-0x0000000002623000-memory.dmp

Filesize
12KB

Download
memory/1384-6-0x00000000039D0000-0x0000000003A49000-memory.dmp

Filesize
484KB

Download
memory/1384-179-0x00000000039D0000-0x0000000003A49000-memory.dmp

Filesize
484KB

Download
memory/1724-78-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-433-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-0-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-543-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-652-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-691-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download
memory/1724-705-0x0000000000110000-0x0000000000212000-memory.dmp

Filesize
1.0MB

Download