048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
Size

536KB
MD5

8c718800cbf92a2ac8bad76b03211ec9
SHA1

5499efdb2e6bfdbc9bc12a5927e87eeb1defb522
SHA256

048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0
SHA512

2bb118a2550483b184dd273cd4d62015a8a272bec90fd002dde0abfd334107242a96a2c20fb4da7bdb04afbdd76eb9cfee6651af9481c2daa49e3198c350e3ef
SSDEEP

12288:Rhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:RdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1676-0-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-14-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-199-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-363-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-686-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-691-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx
behavioral1/memory/1676-705-0x00000000003F0000-0x00000000004F2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\1cb198	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
1200	Explorer.EXE
1200	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
Token: SeTcbPrivilege	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
Token: SeDebugPrivilege	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
Token: SeDebugPrivilege	1200	Explorer.EXE
Token: SeTcbPrivilege	1200	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1200	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe	20
PID 1676 wrote to memory of 1200	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe	20
PID 1676 wrote to memory of 1200	1676	048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe	20

C:\Users\Admin\AppData\Local\Temp\048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe
"C:\Users\Admin\AppData\Local\Temp\048419f17e2700b03e19e38f06308904a81c2dda648c6c5f4d25e97d32f7dbc0.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c789751e3bab9df6a2837b5cb10a0fb1

SHA1
1977428c0fdbe9bb53f500aa94cf4f5b8d86b4fa

SHA256
ea9256288c6ffebdeef05920cacda8fdeb8ffac2dff25a271c6d8e10969ad75e

SHA512
be60a3b4b4aed6c925c5fcb3b4f89cca3630e18321a644ec6cb3ca6029705cfb37aa11c86dcafa512f14a94260cb84258a67e4f74f8782cdb051a9e0bfb5c9de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21f401a2ace52266d954eedc416358db

SHA1
208195c8d2719e166dee37c098ac94f9782f3808

SHA256
4c3c3f1ea6f17aa01182aebca4ffcadc9e1dbabec527306b17e2d29700eb064c

SHA512
e67f13b8a6eb566c90147aa0aba02c167c9c4f72fa9078637d7fb610c5f3b3cd84f0894de5a3e013ef0b20f53d34e049bee667b5971a8af5bbe10ad4d75a005a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5893abd1a3f879321615193788a8678

SHA1
751a92118254f0e4483bed5f3b645c95131c9e4c

SHA256
2e05c1f33936d0059c22021ace46ce420d93958b57e75a22770ca68e77d23c5c

SHA512
08e157ef860166e4bbde4ed168afca832602310128600d855adc80f3fb0a3fe3587fc7049090f87b11062693f89fb1fd92c3d182c822662931fa13ec7fd0149c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af4d78b90210b469c7a69c9b0c2de99b

SHA1
6525da036cf777ac9d6660f93e1dcd7781d20b79

SHA256
6dde2da93bffdc5c33c3bbe3e8b9f1fa8989ca9d3eb7b79ff4b0fa4c1dc4db63

SHA512
e7345bd5e7b61a025cbdacb18c63b96cebb335e9b90e0a4adb35ad87c3111862139a9d123e17b6c512011a02bb86f540ada6101b1c163d692aece75987316d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
201766e4e542b9c29964bcf597f1ac3a

SHA1
e003fff9ffb5f583629a0288a817857a5de329a4

SHA256
2b901373afde63fe97f6bf36c8e4ec9a792a817bf754fcc85f9f6bc132b3f8c8

SHA512
a6de36df2873d8ce865d96146cf52af056981dbccc8954aa885e0f4d9c1e5cfd9c10e2116aa7a93c0730c7e4cb9efc7166575736911bf34d4ba6981d7a073f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21ea39df258891c4eea18d24a8bf861c

SHA1
64bd943b50cde58e320e91a595de46b43f7a01f2

SHA256
27556e719e094d76c0869f5cd2355748fea63652227cf9a7948f3d06f525e822

SHA512
3f95e48caf358731f9ed7be0aa31810c92eb13d96db5d7a4cb0d2b4025f9f86d20d5ab24d9922812ef9a3570de73deaeabcdba9bb765ddf6201163786cec916d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
433b3d36a74c4a97dae11c6581dc1a23

SHA1
44a8eb657da62be89ebd8ff46d0c4b090f72c21c

SHA256
4ff46ba10050b03b94bd7e902f7104614f5e84618a17c8a2b6edcd7005e043a5

SHA512
cb5e3a632388a2e00c9105e206268d5cbf82f9793cdfd4277abd4f4963898829979c50da633d8abbeaac8f419b0b9f20587dd69ac748e87ae2c771359a1b2f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97a9d1a76a1ef31dcd8706958b261aec

SHA1
dbc525928c732431cc3965bfef1ec373b21a7928

SHA256
f04ca265a7713c86a88251c9553bbe5c65c0469f4f8e999e7edf9f6bd383a634

SHA512
6d7ae630f3e93cad05736fb1b207732f10d5263580ef1d6639b8682335529635f2f285a2bb1a72009965f3df023e130e4a49c21ca7f2765069dbf8752a7a5e22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab51F9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar520B.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit
memory/1200-43-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1200-4-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1200-5-0x00000000024E0000-0x00000000024E3000-memory.dmp

Filesize
12KB

Download
memory/1200-6-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1200-3-0x00000000024E0000-0x00000000024E3000-memory.dmp

Filesize
12KB

Download
memory/1676-363-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-199-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-0-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-14-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-686-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-691-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download
memory/1676-705-0x00000000003F0000-0x00000000004F2000-memory.dmp

Filesize
1.0MB

Download