f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
Size

536KB
MD5

1f3ebd99cac4611de46be3ce9e07891f
SHA1

bbe2d0a7367799de1984188505c30a6b3c833944
SHA256

f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b
SHA512

cb386fdd6906d6d0c23f449ebfe24e9a85d812f4d8dc78e193b0e213cd9cc4b1d071a233b00a37a03f48e5670ecb4ca3bd60d8a92d6c66e43655617a07b8a000
SSDEEP

12288:6hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:6dQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-42-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-325-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-474-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-716-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-721-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx
behavioral1/memory/2856-735-0x0000000000B50000-0x0000000000C52000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\30e550	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
Token: SeTcbPrivilege	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
Token: SeDebugPrivilege	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
Token: SeDebugPrivilege	1340	Explorer.EXE
Token: SeTcbPrivilege	1340	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1340	Explorer.EXE
1340	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1340	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe	16
PID 2856 wrote to memory of 1340	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe	16
PID 2856 wrote to memory of 1340	2856	f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1340
- C:\Users\Admin\AppData\Local\Temp\f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe
  "C:\Users\Admin\AppData\Local\Temp\f9372c7351ac5a992d220f5b4ee716ca158fac914ae5a4e4e5cd49f72c40d60b.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b5c1d71f5d8d3d44af1036a3ccb42fb

SHA1
d095223a47712fd3b124da31a344d467ce5da733

SHA256
ddfcee8505520fe2dceb80e25374773731df6a93d95733ba33d1517b591e79dd

SHA512
cc97f7e1d2e035c078b9dae1783ccc766c8022ec40166802c91d1c495dc4f3a9fb9800ec0e48740036d4f91cfb14b4c915cdbeaa4b0d180f81e7fc874dd3d13a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d2c474a2642e8bb5b1b7f4f4613c7b3

SHA1
1639f8290abe62b70d9dc346c572d0a99e6b1fc2

SHA256
9d4c417d7c0ed9084c8e3c13a9eca4121eb6828a6db1d12c7026ba2a7d631d2c

SHA512
70b2f928c5e056c7ea8ab32c2fa980def9094991056e3b34122bedea4a179cdbbd8c9ea4cec42d35d587eac239ec45f892065010766a1496717a655acc8c314c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb07fb8535b06f75d6d96285eab828e4

SHA1
28d2563570bf4481751a0362461f7a2703104e92

SHA256
aaf4cd17e857144cf21a9e13f4959489c5f1bd4404124455d25dccb40ab4754c

SHA512
0d7d41f2dc15d02a4b0ffd274107eae653afb58b67f8b5f5a706ca6bc7089f1f8a42345bf1710b62586bd418452d10d0ccd39fc1900b31d1e9408cd5ddce25a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da7825e85d19fc15561ffcac69344c0e

SHA1
866a516f2e9e8ef5d9195568b2a1b454e116e3a0

SHA256
69e967cbbe1cba0e8428373daa9154fb51c8a5a089271b76c9fa020142c27c8b

SHA512
d1fd788abfaf983e37d7f9751e51028af63ab96a5c9619ac5ab42a5c04dfbdeda5cb157b38812f37c25cc96f4acbf93898bc877b10ad08f6a8ddc871fc89f737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99697b20e552443bf8721990915bf0fa

SHA1
0a0a7bd393e6051201c2dc7b121806abc870f1c0

SHA256
890b91e99c00bcc57d08c18e6a27fb4c8665aac56e9ea5c52fd44d6b5771da4b

SHA512
af55d9b1e83fc177d4e71fd2d99682c8c5e37d4f8b7aae2cc614457b8a5910c0571fda2ef5ed19921b356519f13eecf3bfce855f4b19bd8b856144334a192d20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b9c29b7f3dfec5d3099588b13ce2c0

SHA1
af9c3700ef8d135c5afac8db328d09af82d08e74

SHA256
a57540676ceb54ba98778d2c04f1dc134691c8163346dd3d9ef67cd9ed4b61da

SHA512
660bda74c006ce6f47aabcb8c442f8ccb9fe2f9ee43e56637e0e42683a4e784904e348bb3d00dd647b437a2f6f5ba73fcbae40b788eb55b24033b4ea9d2908be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bbe48bb1bc47f85cb8433012feabdbd

SHA1
f241732d3f9d19ce356434b0410a6beb9d3d926b

SHA256
9c459972f1cab1c4b867677058b147ac4cc4891ea3131bf61f8a101b38202274

SHA512
fbb06aca387b7636f7960a6b6408cb588df05bde0e589f977d0c3572f51912d0cdd35e8d0ef043c847974afe82fa58bc4bd16bd63ec0e16b5d5357ad087eb409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3223f7a2e6eca2ab931e17c4597671f8

SHA1
997f2ed8165a1c150b7b13fbe080e9c42ef6b15f

SHA256
5c3229159f26fdcea581c2c35364281b385ae5a6b08f90690f738bfaf336391a

SHA512
8d033258b89b95a79100f5ce4bb66990af5970b34131d893c01b48bad728da48b026bdc96529bb0bb4869ffbe3b477d0cad63faeb8a9d99d3c91bf5725925e72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f8167a121a937260a34a6de17e781c

SHA1
b86acf96295b9c88e47fd32c0a6f462a41622bca

SHA256
9858f68b1d9e7bd91ed78dc84fc41941b4091f5b8a6cff7098b907a130361d95

SHA512
9f78e483a64f5ee4702163d02bc19a2baacfe7db4bc435e5b69ebc0dad74624948fdc339ca8a0d55fd7c0ee2b8094cec2d434260209c8915c2c1f77991c267a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
009e8e2886dbe610079fbb5f62fdad1e

SHA1
0f3fe7d0c47896e3f59e397f554d0fd8e004335e

SHA256
8783361a50a60a2a3908c5afffee68b6aa6483111dfbc54b2bf9fe6dc1bd22e6

SHA512
3a04286aa846804773c5f68a0da7a1193d606001ceda6019a0fa232ca19a9102f1a4716fda43a06d531d234a0042ddd82994c97a268ffa4ca9e216e3fd954ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c680ab07d7ccff4feb42c04de2d6a41b

SHA1
93be252610e7e061b008bc1dae9f8ffce5d0f01e

SHA256
6538899270b2cd79ab9db3f53256d3cc6e3b5a56fc55e20356f193033d886f37

SHA512
698355f7e972b3aa2c00649fcbb57ee490c9d05c139804ca8e153993f835a5b1d48adaf0a0e6320b941a8afbf3d93a2671f4e160816cd1532e88749ab4b6f90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4174439b6683045b707057761a7a7aad

SHA1
698091dac7c885fe111690c5745dfb41be3443e2

SHA256
4f113e8df34d95d4e0dbfaabbd4c7d997ff014ead68322df7367da9c80b5d0f6

SHA512
ed23660be023036dc3567fb937e47d52fdcbcf88989beeb6771854c8a7fe2976fac2aa329ef4d33eb2fee1a30654db21bf81c65ba8d09b2cd37a566ffcb5bcd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab77F0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7831.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1340-7-0x0000000004790000-0x0000000004809000-memory.dmp

Filesize
484KB

Download
memory/1340-5-0x0000000004790000-0x0000000004809000-memory.dmp

Filesize
484KB

Download
memory/1340-4-0x00000000021C0000-0x00000000021C3000-memory.dmp

Filesize
12KB

Download
memory/1340-3-0x00000000021C0000-0x00000000021C3000-memory.dmp

Filesize
12KB

Download
memory/1340-6-0x00000000021C0000-0x00000000021C3000-memory.dmp

Filesize
12KB

Download
memory/1340-143-0x0000000004790000-0x0000000004809000-memory.dmp

Filesize
484KB

Download
memory/2856-474-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-0-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-325-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-42-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-716-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-721-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download
memory/2856-735-0x0000000000B50000-0x0000000000C52000-memory.dmp

Filesize
1.0MB

Download