0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca

Analysis

max time kernel
201s
max time network
229s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
Size

536KB
MD5

83816b3f2f9022b5f8222084693a982d
SHA1

93645cd1b0ccf3cef2b0228e433c22457779c09a
SHA256

0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca
SHA512

e5ec75eeeb5f99853b9d4d78d5f15f2788b30d2ce719999ad3a54c90f205c1b924072e84db1c077c9ad52df77748849160d1b7fa0dcca1dbbf08b177cad69b55
SSDEEP

12288:/hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:/dQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2596-0-0x0000000000050000-0x0000000000152000-memory.dmp	upx
behavioral1/memory/2596-7-0x0000000000050000-0x0000000000152000-memory.dmp	upx
behavioral1/memory/2596-82-0x0000000000050000-0x0000000000152000-memory.dmp	upx
behavioral1/memory/2596-263-0x0000000000050000-0x0000000000152000-memory.dmp	upx
behavioral1/memory/2596-586-0x0000000000050000-0x0000000000152000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2c71c8	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
1232	Explorer.EXE
1232	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
Token: SeTcbPrivilege	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
Token: SeDebugPrivilege	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
Token: SeDebugPrivilege	1232	Explorer.EXE
Token: SeTcbPrivilege	1232	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1232	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe	12
PID 2596 wrote to memory of 1232	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe	12
PID 2596 wrote to memory of 1232	2596	0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe	12

C:\Users\Admin\AppData\Local\Temp\0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe
"C:\Users\Admin\AppData\Local\Temp\0f70403b092855dd934c1e587bff33b05cf583351a4510e24c2557552e91e1ca.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2596

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
863bb5b9185ea34808be3814d552638a

SHA1
5b5d588a57604de0311e165d3a20b43bfb11b17b

SHA256
37e752a860478ae8ae9802fedf7935b611554ac4b9f89f7bc7c0c7d7bb374871

SHA512
909ccdb8640163e15c9e99b71130590fc5e08b089ec635ad43205c5d92e6a148b7ce340805d93450e53b9c01bf0acb4cf02fd334f5432b6776502c988f9d4386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a680f87acef86bb11472c1e9a820e89

SHA1
8a70f76c3cb2afaac0988bd43d04ba111fd401c1

SHA256
1864937c15a02de4a3f562c1a8a9b4f314ef28f2ceb1b05559ff71b6c1ff3b64

SHA512
1f5f9cf615998ea302e06c4d3e9bd458453f1214e2d740b2f049ea7a53e88b1084a9b51ec774b160872c27eb1bcd4f9b5169d617d8632b836180214c140e13c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58382aea5bd25c131d1863ff1d75dd37

SHA1
a82eaa711fc440935713ea8ec67e2c9a1b6c2e1a

SHA256
07aba72968df35beae173cb2781ad7617be038005bc07337f0b00570d3dab67b

SHA512
115d9c8eb37c2356a05a29c63fdbce8bc5856f9841e14fa3abc1da07ec02cbb69b718ddd02288e86dac556fcf2589f823e53de62923383e116e2533c9c8c5b9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b649a112fda77d95ba3b86a600d69510

SHA1
fff34f70d80082c22f3b86da7bf02092d2a83b48

SHA256
88f3bbb56e96244453a749d0031cbef7414631170413422a425efa111292379c

SHA512
03b0ed051755bb427fd6b4f5104f1aa6a0963aba7de66f7554f0e4affd351c5f32aef148922040cc468abe5cd1fcb1c67b609ab26c33a0dbb0f1d99b289f6a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9329e48a51794a110b3a5676417fedc5

SHA1
5c590339ee8a41ddf36526fe63041ed1374ac8a9

SHA256
dfc2e89ae96bdd093c1593ff84097a589fedf4891836c802d1ed9738914020b1

SHA512
28ff37ee3c1beb6038313226265d543282de06a6590a3cd7970a28db559a259e00fb81c13d28a6741915c559b6a7c4b209db7590b847b9676a55c7c9da8684da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29e62be8d0f4761c5782d3e870c90807

SHA1
8af73577952d53b9c876f078d19d0ea094bdca2e

SHA256
3a015506fef480ce102c112120b9301e3ad483670f6e40297014858c2a7c8595

SHA512
78f7c39c0a2678ee40bd6ac7e2bad7b7544d07509c797b41c05d2df3d32169556ece760873f000ea0b6e129351604bf7c674fe4d6b1aad5bf7c8df168bbb4fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f920ef1e0b4510c97d9ef1d79fe9ba2e

SHA1
16fbb05dd5018b1b3971356a71cae7442cce2b05

SHA256
fa59534007020ccfa30626a1e57f08c5b3216398a02f0b6b99a5073685a37b16

SHA512
9c145c7a22a9cd9928b0d6061d284233f354195662ece9dc2b2961b0feefbcf06ac50806d3eb34d90e81287d43c578d18bb6dfb1dc7034ba16d2190e5a4e1283

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63575f40defd59b7fffd51740e69783d

SHA1
f0fccdef7a9115d5cb9342f75435af3b07e20075

SHA256
ac8d8e8f4dde8831e76ce15c8b51eb85fd0c852c9a0576e8dfc9fe86cf70d4e8

SHA512
269d670f75f7e8045fb898ae1c6de04524d4da3196dfb95b88ad64265017a7c85dc65dcd2f7b2ed96358c1605ae3bb780a74a10a9c3bf5253f80f06cdae2795e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b680b18113566ba9cfc046c6225d7032

SHA1
69ab4302e8a9fa6ccaa15c39fd36d465b6f4f654

SHA256
44b37874c863dc9bc9029c63dca66764ce9b1b86c3aa7272f2839c06a8f9d7da

SHA512
87c559eb151bd6be81cfbb70e88d2503af6d975b775f69f5cbd57a4e6b78e11627040512991b5b5dd993fd6d6b0bfbfc17fd7dafeb519040cad4f4f9539ab52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC35.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC47.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1232-17-0x0000000003F70000-0x0000000003FE9000-memory.dmp

Filesize
484KB

Download
memory/1232-4-0x0000000002B10000-0x0000000002B13000-memory.dmp

Filesize
12KB

Download
memory/1232-5-0x0000000003F70000-0x0000000003FE9000-memory.dmp

Filesize
484KB

Download
memory/1232-3-0x0000000002B10000-0x0000000002B13000-memory.dmp

Filesize
12KB

Download
memory/2596-263-0x0000000000050000-0x0000000000152000-memory.dmp

Filesize
1.0MB

Download
memory/2596-0-0x0000000000050000-0x0000000000152000-memory.dmp

Filesize
1.0MB

Download
memory/2596-7-0x0000000000050000-0x0000000000152000-memory.dmp

Filesize
1.0MB

Download
memory/2596-586-0x0000000000050000-0x0000000000152000-memory.dmp

Filesize
1.0MB

Download
memory/2596-82-0x0000000000050000-0x0000000000152000-memory.dmp

Filesize
1.0MB

Download