0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
Size

536KB
MD5

5834ff7c2403151983fd30f7bf5771cc
SHA1

a5b1b92b50d60625b05805e20d9677dcbf7cc4c7
SHA256

0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803
SHA512

e4b62031df834028aed18a6c364776642da8e102c66c8e03bcf9ab9f86433f35287d88c6bed8e57a0d05bb57621f3adadb3cfa9c3fcbb5309ccbad456c6a41e5
SSDEEP

12288:mhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:mdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-141-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-264-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-442-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-764-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-769-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx
behavioral1/memory/2884-781-0x0000000000E40000-0x0000000000F42000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\316008	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
1228	Explorer.EXE
1228	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
Token: SeTcbPrivilege	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
Token: SeDebugPrivilege	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
Token: SeDebugPrivilege	1228	Explorer.EXE
Token: SeTcbPrivilege	1228	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 1228	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe	16
PID 2884 wrote to memory of 1228	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe	16
PID 2884 wrote to memory of 1228	2884	0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1228
- C:\Users\Admin\AppData\Local\Temp\0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
  "C:\Users\Admin\AppData\Local\Temp\0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
505ed80d60f9e03118bbfb13d606d413

SHA1
dec8f0c197e75415c4a2b6df1dc1d7652bd06d45

SHA256
00cda857eba076c7d42bc1f7ae44f6c0c4d714e01cd2f488c58e3bfd3a2a392d

SHA512
b9f17b03a0c966ebe728a8f2c10c5f4c893b709a01818c67f58ea44bc6736d9bf9e9812b49cff4324467677cab14be3d207d3788309ce1f8fd80306e913e8b61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e57f48d625009f939e0eb5085b9930a2

SHA1
c19db0fa2e381d87eccfa50b939807168798b9ea

SHA256
07ffa90aa1427b6aef05576f6b58c0acf864b629b6561dbc810dec443574d9b4

SHA512
bb45c30db856bd4dfcdad2f7d31c416ea237ee9aeecd7e7d5fd02d2c36b50f25285060b010c8d42bf534b29c2a443aa5c7994e267ee6d094e165b8d7ae2c869d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45cd63995278f2b28f3c19ffb6f4a3cf

SHA1
aee3f5022a72b1b5434bd4ab0c9bd5a69dcb4102

SHA256
988aa1cf52cbd65fc757f403a06f0bae001f19805817069b0f0b6779f53115fc

SHA512
5bc04a3d8617ed9c366d757269cd614b06be469752a599dfafe7a1c2b458665703e234e79bf44a391cbf0b6deb08aa8324f4954602d07019ae2f1af471110535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b43201f2316af4953d72fb1e890d2ba0

SHA1
a0c0ac7545c962175c5aecd558bd6716ef142d83

SHA256
5871e3035bdb079950e63bf95a1c536f616149ac718b4617f823a63806771597

SHA512
c930ef5a45951f6cc1e98605e5e757f662815020f1f9e9eec20716787eb0407fd7abfd9f041b12b12a9f05027f3cbb4f1648fe1f2f3c77025ab4ae4842ca4c65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f8f1fce366aa4a54fabbb8be494459c

SHA1
8d9d66ca070919a86d94dff7ef9fcfe5ac0ffe51

SHA256
451fec0b8b48cbd6fffdc5fbf702de965bee8a66b0a4923afe0b6533b28d8443

SHA512
12bf365f492b75f085662463f7da09db7e834ac034713c0c4f887e615653fc39d97525aa7e4207a03f4dc2608ab18b61981d50df710f3f2c31011aee911499a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74d95d0a6ee21af3c03da0b98ca4d28b

SHA1
da46e288d8219407d1dea11c9add60111436811c

SHA256
e24244abf4d637879021104b8349574968161d748b3d832c850b9b19931a6e99

SHA512
1aa9a8d96355660a50f3f4842a26690e1e33cdb1b6cf59b291046be6a9a4b5c442482cbe4623a0169ce99331d471d03bfac5115e389fd0914c701474e70dd6ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f64e5da02ee5ac8c585cce5c95174de

SHA1
62e784e3d9af1699719abf29f4dd24497d112338

SHA256
c17e38e553a1b5030434906351453772fa8ebec4f4798adb4eed84ac3ce73371

SHA512
a6103cbc0e1c059af574503e4f8d3a02c0207bf92c363c39ef9ac4206c6b7edc4f7f0ef03310e69767c87f9aec8a6c703f7c093e5fa2c143f29b26ea556c4897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66e8845db4e9a5aac850bdf2f0c6e203

SHA1
0e2df209a3abe470ba961f2552e05ee1a3c18d85

SHA256
91f1553010438009e93e1fb48a046d490882df7aac7830e546a918071644563f

SHA512
2f05044bfba00a65e9dade916200aab38267c4b5926c02f7b642a97e93a31c3c56b4a339b43fc7d24231541739626f534c32bb490fa9aa9a647a1597faf95434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75e8a621f047a12fd8f59be7fcae535b

SHA1
9dcca900d9a4124829cdeef1c67d18a51faacfd2

SHA256
e95208783b61cd2bb7f89f5c1093a8f63903d83759897cebecb61a91170b6386

SHA512
3256a2fdf648b7972f45ac2f16214f84cee65147dd22bbc5639f38289dc0c0677fdcca1e99e0a41f05e483b33b446c2268d504ed7d901d4e355434a147cc226f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8104.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8174.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1228-7-0x0000000003DA0000-0x0000000003E19000-memory.dmp

Filesize
484KB

Download
memory/1228-152-0x0000000003DA0000-0x0000000003E19000-memory.dmp

Filesize
484KB

Download
memory/1228-4-0x0000000003DA0000-0x0000000003E19000-memory.dmp

Filesize
484KB

Download
memory/1228-5-0x0000000002A90000-0x0000000002A93000-memory.dmp

Filesize
12KB

Download
memory/1228-3-0x0000000002A90000-0x0000000002A93000-memory.dmp

Filesize
12KB

Download
memory/2884-141-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-442-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-0-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-264-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-764-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-769-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download
memory/2884-781-0x0000000000E40000-0x0000000000F42000-memory.dmp

Filesize
1.0MB

Download