83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
Size

536KB
MD5

f724c2983095895cdc4ba446fb001b4b
SHA1

6b19d9f15b32603f88ff6cd835706d03a0e81d42
SHA256

83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c
SHA512

24a0accd5a8379f06f00463d5e2d218a1cdb44a075e511c3c25b10a2667bb9d5d3f93b94f24305c449af42b19a97169e9e89759314df902c61f30080b1b4396f
SSDEEP

12288:xhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:xdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000230000-0x0000000000332000-memory.dmp	upx
behavioral1/memory/2180-14-0x0000000000230000-0x0000000000332000-memory.dmp	upx
behavioral1/memory/2180-82-0x0000000000230000-0x0000000000332000-memory.dmp	upx
behavioral1/memory/2180-427-0x0000000000230000-0x0000000000332000-memory.dmp	upx
behavioral1/memory/2180-509-0x0000000000230000-0x0000000000332000-memory.dmp	upx
behavioral1/memory/2180-659-0x0000000000230000-0x0000000000332000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\255288	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
1192	Explorer.EXE
1192	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
Token: SeTcbPrivilege	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
Token: SeDebugPrivilege	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
Token: SeDebugPrivilege	1192	Explorer.EXE
Token: SeTcbPrivilege	1192	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1192	Explorer.EXE
1192	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1192	Explorer.EXE
1192	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1192	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe	16
PID 2180 wrote to memory of 1192	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe	16
PID 2180 wrote to memory of 1192	2180	83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1192
- C:\Users\Admin\AppData\Local\Temp\83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe
  "C:\Users\Admin\AppData\Local\Temp\83bd693d613a9d558de39953458377fddc1fee3480fc020df38c90baa087cb3c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aad1b54533956d523a4208bcf1e1c6a7

SHA1
c674127bff40f64879c2c163be3a0106f9b51886

SHA256
a6ae249cbf1b19b3d55efcf985d6b0c504156b1a717f8b8ceb3fa63e33e8ac24

SHA512
454e859f92f00b9ae67079d2191aa16810ef4ac69bd53ff4cf3544b53233cf2b58b1a8b93e6d35e3862553a2d0eb65ffb4e8386cc4877f5167a418a9846cde92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
141f8dd8751a98bc2097022d48aeaf43

SHA1
7ea6e2cff91f1035a2bb891ba2f5b4799d7ff770

SHA256
22b9edd1d2cfe39eb7e11287d854d94045606b544bd5f672d08dbfd25efb53fc

SHA512
b7d1e22ce2351edf4b0aa96e366645082e9d1ef3e2a1c925c7c3c6a036d842882489e4b395c02d11c3ec4e31f18389f0f46d35d9a86ec46d1dd7b227a1891f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ca5958cc34e949d152a8f581ed1fe86

SHA1
8b38bb9921fb85dae71fe15f03f440ae92ee8992

SHA256
287b10036950d12d6d21ba2b7534fc3abd810da7d9031a249a2be292897cd338

SHA512
d51a10c6606b23cdbd076fee5e7c186c6697d0841f49ac74084a3bad3fad12d057125022d1d198af8919602fe1c7e6efa0451312629501ce2a3d72fd988a455b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2af06cad4f33e950045c8c77972350fc

SHA1
af48775955937f1d41076b42e65bb8d8f8492007

SHA256
7b8b36d82499f5a108a50d046625fc02842524ff19ec46a27841ba7cba00e2b8

SHA512
4dbdb74363598217e3de4c9f7a81596bdf9a414f1376e91587e7f9a60b62f52a177a6867c92fc8ca81d715e591cd3787b49ee941636fcbf99bd5d1e77c6c00b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
299fef92114a1507501d2f92933870c6

SHA1
93c16f44335c3bf8b6f81f1c8de5677234880968

SHA256
29bb48ea41d9332f770dd1852376e1b84362fa601d754512d0577a99604aadd5

SHA512
bedcf29e95b7f726138cd8bbd5365d9f42095f3ea19cb277d53ad5171dc95266163cb13859a6374da84af9e64b3c856ea51f997f063bfa75eab9b25d9a25cc8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60ccaf3cf943fcae73af54d9a942b8dc

SHA1
936f98ba28c29429ff61bb494c12c7e9cd78d780

SHA256
acf448fcfdff4e8112a7b1872f83d60885762a04edc894a1c0b601d9eaa91e96

SHA512
b36f358b7897cdffa2cd9ea17e737976ee8350ac154a8c6226e2dda3f44db65accc7db384f5822092fbedbfaec796526a58974b9ddc752c1dcebf6ca119a321e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c06cd173acc2feee5251b6046ac07043

SHA1
725db5d0aa685a3be7adae1633ea70f70570763b

SHA256
0abca4917e15862ffd97ddea9b4a6ba643953f760a970ac3e636ef4d05787522

SHA512
ad1e5c8164c4ebf005bd5438fb6ee85da56859fd69d7009ea2b1c28c9dfd7c11331e90a89850debf9369fa1d8ee7887284cb02289cd04ed062b7ca00685f2c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9CFD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D1F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1192-5-0x00000000029F0000-0x00000000029F3000-memory.dmp

Filesize
12KB

Download
memory/1192-3-0x00000000029F0000-0x00000000029F3000-memory.dmp

Filesize
12KB

Download
memory/1192-4-0x0000000003930000-0x00000000039A9000-memory.dmp

Filesize
484KB

Download
memory/1192-6-0x0000000003930000-0x00000000039A9000-memory.dmp

Filesize
484KB

Download
memory/1192-43-0x0000000003930000-0x00000000039A9000-memory.dmp

Filesize
484KB

Download
memory/2180-14-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download
memory/2180-0-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download
memory/2180-82-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download
memory/2180-427-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download
memory/2180-509-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download
memory/2180-659-0x0000000000230000-0x0000000000332000-memory.dmp

Filesize
1.0MB

Download