b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
Size

536KB
MD5

8330d11174bba642a0db6b6ccb0a6eba
SHA1

815ab51b49dca00b7d2424cb2fce2ba2adc68f65
SHA256

b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44
SHA512

ab03fef05b68de166a0d27555ffec72b6a33e377b302f98a4cb27974d47d95c55eca53f2040941e579a0570d24dfd3e3a515cad7686795fc4da80ddf20af8914
SSDEEP

12288:zhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:zdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx
behavioral1/memory/2268-113-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx
behavioral1/memory/2268-155-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx
behavioral1/memory/2268-394-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx
behavioral1/memory/2268-655-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx
behavioral1/memory/2268-669-0x0000000000D80000-0x0000000000E82000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\26d438	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
1336	Explorer.EXE
1336	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
Token: SeTcbPrivilege	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
Token: SeDebugPrivilege	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
Token: SeDebugPrivilege	1336	Explorer.EXE
Token: SeTcbPrivilege	1336	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1336	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe	6
PID 2268 wrote to memory of 1336	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe	6
PID 2268 wrote to memory of 1336	2268	b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe	6

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1336
- C:\Users\Admin\AppData\Local\Temp\b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
  "C:\Users\Admin\AppData\Local\Temp\b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef6f6b92acd49d6b844ea2d5b44764f9

SHA1
8a2a65fc1cdd34eab9c1c4a7d46a93c4b9356bf7

SHA256
dfcbf798535d5f61268933c8fbc36a02850fd78fb5ae2d95549da007618735b6

SHA512
0666d25727009153e8bf1f4ef5ddd633ff1f713e7fe7b0476620eb81521d6c5119a81ca32d946f687212d895a191053e7409855976459668b40d0134dda4bac5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b699da82ca7e0759853a024d1bdcec2

SHA1
7af0d1ce72aa2be6fb41eb510356c61aa98c6185

SHA256
b33f8f217378d065bf942a819994cdc16a79e98125077736b20941826e1c5a4a

SHA512
c608476ab35a749b67267c5ac4724150af6633f0c351927cc12b5d0381fa3681f1b9043cdca19914e089ff7235629c7a750a8b1f656c3eb3c778adfc576d06e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
241ae7829d9f74cfb7dd2e562af51750

SHA1
efbd461efe90798516d2ab6a6fd4e17d06ef2b93

SHA256
3a507c0e19946b3d1c5f755162e8dbd42524bc10287edad4dbf8ff8d2bce0b55

SHA512
9d2d64329b05c03a6720849991bd7b24cf545a21009868739c57a9ac67ddc531cfdb05011886be0f85d6051ecb071437aa581ed526230e086de2b0b2ef9525c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fffd1e01cd299cf133b4f79c97e278ef

SHA1
5fe07c0fb6f9827aff6fb1218f0426aac945d74d

SHA256
ef3b42c192348b7baadf1b63acce25290fc150f0627a6a04bc0a54d7f1c533ba

SHA512
31dba45fea778842d4c38a8e9ac8b01860907dbaddae9c994e2c8d657c2eb07d3a48571d1974ff68cdc3e9a33c9abe4161100351f8c28542bd5528497e2314d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e727ea5446807de8a925e9e567c3dbb7

SHA1
ffba198633b04cfc91a053c88890d334f9530676

SHA256
6a29ad1ad1143765f726e943077ab5e46908c9994fdf0b8da8188fbd93dadee8

SHA512
2e8214a6691bc108f881fdd6c67e4390b269bfb516c62acc906d2b15b930a99c973993823a03b6c7ffb8d2a36273d491b85e7ef140b61197ead0226f1fcc3052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67834b73b07400e8f0ec0e4e4bb87d41

SHA1
f5c8ec39cae5af4bd25a58f6ca0ad2aa4187cea6

SHA256
7d6dcf9b198c5fc0c611dc7f2c31d80debe21530f3074da1793093a4b30b7998

SHA512
3bf486f13ac5e29899e54cc2d242c0d5c7c6691687e7b91313593edf2609b8d2c4161d30409a8f0607035876dd2d795b6f35bce842c16e30f9a175587aef5d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a07ff2525faa32ba75e0e7bfaff2b70e

SHA1
65e504e5228afbb79b18fb106405fba672139031

SHA256
bcaea0d481defef475617311a39cb07c4ed877dd997ec022b97e74f3e48ad052

SHA512
93153c17951c58c10bebfe8b8208eb283db592ec3dea2664d4beb2d4382267d9a2a14007a8178f3c39773a900a468d8538d35d7bff86f98832544ddb6e8829de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0430e41ba9121eaddc0c99973da46d91

SHA1
0ada2eec55e5ee7fb2f6ff410f27d673dd6f5af8

SHA256
34a2dfab70848f3b8d72bbc1394cce8db44e8ccf137a1fd69e4c86d86724c758

SHA512
d5363b2ea84cdf8ebeefe73b3c65e5bd1b4ce15fee00590cc99550e5b161a29e28332e9d870847a77464ac85c2890d70275a04037919be3c79d4b2cc0f5ec153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ce7c6d24f7f5d3369795d883a54d755

SHA1
44ddc1bdf71578642bee8c156912410828009517

SHA256
fa3d7ee31ee61f52f1e0bb7b36e8efb87e83018d3a1b92011695cfc552665161

SHA512
73f14f131bbc915af80ec06bbca6ad8e61c832ab2e11e7807e63f4fe8766a791eb923b6530ebbcef330c021077d59e7c80eb91566ebc20c3a4ed2ce77fc6f959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ae7838cb4e53619b0584dac43a79c08

SHA1
cf0fae631b9ef42f69940556422cd54f911c0196

SHA256
c373a4104ee0522c6ce20b1d28c55c828d25577d01b8ca948ae14ba743ba98f3

SHA512
f7c6e21eb57646ac708db238d9ffa8b588483652852a0095f2053d92884aff406aaa5043d8f62de1fa5bb2b040b750f2d2725e32d0d26799ee8a53f211348e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9677.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar96D8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1336-115-0x0000000003C30000-0x0000000003CA9000-memory.dmp

Filesize
484KB

Download
memory/1336-6-0x00000000029E0000-0x00000000029E3000-memory.dmp

Filesize
12KB

Download
memory/1336-5-0x0000000003C30000-0x0000000003CA9000-memory.dmp

Filesize
484KB

Download
memory/1336-4-0x00000000029E0000-0x00000000029E3000-memory.dmp

Filesize
12KB

Download
memory/1336-3-0x00000000029E0000-0x00000000029E3000-memory.dmp

Filesize
12KB

Download
memory/2268-155-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-113-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-0-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-394-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-655-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-669-0x0000000000D80000-0x0000000000E82000-memory.dmp

Filesize
1.0MB

Download