cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe

Analysis

max time kernel
160s
max time network
187s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
Size

536KB
MD5

783ae7186b8a57ab5fc50db3b5a05777
SHA1

9e9d111b16b824f5627020e52e685d3fbe1483ed
SHA256

cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe
SHA512

4575a4e0e2331d4837dbde9dd1e79c27aed2b92e0fd89dc6971f989a6abfef62e762e2f0a4020c80a7cb5bbe95b8c96f9eae91ee613148cd6c700b7325a63adc
SSDEEP

12288:/hf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:/dQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-0-0x0000000001270000-0x0000000001372000-memory.dmp	upx
behavioral1/memory/2856-113-0x0000000001270000-0x0000000001372000-memory.dmp	upx
behavioral1/memory/2856-299-0x0000000001270000-0x0000000001372000-memory.dmp	upx
behavioral1/memory/2856-730-0x0000000001270000-0x0000000001372000-memory.dmp	upx
behavioral1/memory/2856-735-0x0000000001270000-0x0000000001372000-memory.dmp	upx
behavioral1/memory/2856-749-0x0000000001270000-0x0000000001372000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\30e550	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
1200	Explorer.EXE
1200	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
Token: SeTcbPrivilege	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
Token: SeDebugPrivilege	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
Token: SeDebugPrivilege	1200	Explorer.EXE
Token: SeTcbPrivilege	1200	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1200	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe	15
PID 2856 wrote to memory of 1200	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe	15
PID 2856 wrote to memory of 1200	2856	cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1200
- C:\Users\Admin\AppData\Local\Temp\cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe
  "C:\Users\Admin\AppData\Local\Temp\cfe91a264e83dee338744d9682a528326acaa539c925d30012e239e16d1471fe.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84e8af7f92c11c946e154ac9a3837910

SHA1
0ea5072d5125d03c3e4b7396dfc28e4ac05b281c

SHA256
a9385ed5407b9ad6fc778faacbe9146301b19880c60de0106ce7812032294e77

SHA512
9a278cf47a5a60387ca57ed9fc32d737ac0dc2cf57ac5cad710530bd773fa5c4f85df8be39a35494e6c789da5c9b9964a59b123f4c5c8ee02b1477d3d9104a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a98e5031056532b03c647d6400d96c1

SHA1
ae84d8be9ad6560c8abd3cd886e0244880949d4b

SHA256
3f13ead0a3e96f259df0a8a700214d0e7aaf21080b91ce26537e3ad34e6da503

SHA512
4f9f85982ddc0d0ee16df3bc2e226696d2ce24854fad8dd30a2329651b3047e6581ebe7410a6a07cb9d1ed0a9fb2faba08e54ca3e270ec840110b7c0f3cd6142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76bbf6d72153ed8ef09162b7e06b8213

SHA1
3abb77f750af8099e554fbe7170897c1e280624f

SHA256
e78e67b01bf8f70cb946025b81d8abe7f2ff5bf7753cd241e23fb0ca402380bd

SHA512
5c85482b30a9b8ea06f7238d5c780b256947f5d703a0d0604d11019ff236c701621cdc5bcb7cd5ad8e33f32a0cccb2e17ea77e7ae1141f4d86f99a30aa3c6378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca5c2bb8ea9c0f434d1c783137ab4aea

SHA1
10ce7f3974d5cf95ee972939234ffef0ab4adf43

SHA256
311e015eeda4f0f3f77ebacb5a4fbfa3a80700ecd306e6d0a722b9075550ee14

SHA512
67ca01f924431a46f7211da9fba33fb9c49237c5351366111b727d543861275f3ac0e989f554dd47ca3ead98cd5b6222a9e06af188c42d528bd5e81bcfea56b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a3ff30b88fe14a153f54bf9bf40cdcb

SHA1
d4c809dd5172fbf16900abf729ca81221ee5fd29

SHA256
31e2601c5e822e5d5d8975034efd39e18853d836a2700f4994f3957ce1c93b93

SHA512
aca71978c2267f80650f254e403a69c028430d805021627066fb344cacd2c08751ec6923aa11a89508024019ac178cbb9f5a07cdb149f5cbbb2afd0ef79c19d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c0ee767b5b1a2a43c95564f79119acb

SHA1
15d65e0c8741f5e5ab9cadf5210d0919077a053c

SHA256
08590316edadffefa7081b0264d701c6d57e0e27312971cc1a40b7bff53db0d8

SHA512
1403b2f35651e428884e7c8740c40345b6b94b8b6d71a2a0ed73438eb3fb5c8c9dd40cd28958055cddd57b60769f6601f833fda16ea740e797fd2ca63ed30bb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5b50ed91e11ed77f71d5d156dbc30cb

SHA1
33df814eb82dea009de877f90c6027d85fa5f58d

SHA256
87359f12ce48a41ee24b8f52f4d4c7f4de338929b7515f133a10e2348d712a44

SHA512
af6fa4bc5fa5b39f90ab140bfd931df55e5f770feff769443da190f654925a48293136478a9fa4abc178c51c5db583ca13f8d113dc51477f66dffb99f70e5c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE810.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE832.tmp

Filesize
126KB

MD5
1475c9f56a9c808d3c4a60e9a8e44cb5

SHA1
953e92434f9e3adf87f891901064753ea0540d69

SHA256
53067f1579a1b260291b5b384b90779872515f601b7eac038c4a3a04a3727ddb

SHA512
6a76ed6531b96e91aad13cef3e3680220f064f2f53b4823d3af1720afd1f225131f8ac96ebba4473413e0255d55dc4317b88120b344a3634d06a7cfd42179959

Download Submit
memory/1200-223-0x0000000002B60000-0x0000000002BD9000-memory.dmp

Filesize
484KB

Download
memory/1200-5-0x0000000002B60000-0x0000000002BD9000-memory.dmp

Filesize
484KB

Download
memory/1200-3-0x0000000002B10000-0x0000000002B13000-memory.dmp

Filesize
12KB

Download
memory/1200-4-0x0000000002B10000-0x0000000002B13000-memory.dmp

Filesize
12KB

Download
memory/2856-0-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download
memory/2856-299-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download
memory/2856-113-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download
memory/2856-730-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download
memory/2856-735-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download
memory/2856-749-0x0000000001270000-0x0000000001372000-memory.dmp

Filesize
1.0MB

Download