2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
Size

536KB
MD5

65450eb8482730e5e5add388283c85da
SHA1

fa34e46701dd57813e60ca43ca867c952e477b89
SHA256

2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db
SHA512

fb08d5d48bd400238251680f484583ddfb44803fe4f4249b6b96493bffe478a8173adca3f07ad71b60a75a5cc5336758ae86941bdcb3db3cc6576b3d2de3275a
SSDEEP

12288:Ihf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:IdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1472-0-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx
behavioral1/memory/1472-15-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx
behavioral1/memory/1472-157-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx
behavioral1/memory/1472-465-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx
behavioral1/memory/1472-687-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx
behavioral1/memory/1472-692-0x0000000000D20000-0x0000000000E22000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\193380	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
1392	Explorer.EXE
1392	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
Token: SeTcbPrivilege	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
Token: SeDebugPrivilege	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
Token: SeDebugPrivilege	1392	Explorer.EXE
Token: SeTcbPrivilege	1392	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1392	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe	18
PID 1472 wrote to memory of 1392	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe	18
PID 1472 wrote to memory of 1392	1472	2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe	18

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1392
- C:\Users\Admin\AppData\Local\Temp\2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe
  "C:\Users\Admin\AppData\Local\Temp\2ec8bbb23334ede0c92a9126891675ef0d4e7d8af4603cbdf9cf0929eebe09db.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff16a2504e622a7c73b56c73f94ee645

SHA1
eeebfbceb33ee2743a743a728d5e9ac8c91bdc43

SHA256
5b0e94f03e1414f8d78cb321561b2f7ee5cd8426eae63975a122ff25cd27e51f

SHA512
ca93f59976a6e5981d430ec783f520a074e85d8195c956699caac44ff77fe51450d8543793fd9dd42443b0ab7d0063e8f5555fcded1c9b14051f5d208d42172f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19aa64729a637cacfa957fbe3b264e9e

SHA1
de9a1104598894a25d9f39fec21b2b35aae87b13

SHA256
a4424c46d8ae786f166286f2b447b6aa45bd37ca0a8863a29aacd5a15d7a8384

SHA512
64acc76ca27b70dfe61f102cccaf37504f54936376ea9314bcb80336ec0cf45da378ebff2df905698680939acf73165c5bb1a70485c1349cc7a1429d1dc66344

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9777530aa6a2258c53b07475cee39bc1

SHA1
c8fc3f992e7d152d4c342b7ea8967459792b0670

SHA256
290026ec7aa15843cd5f059f2a17805c86e990874b39e3a31c41d25a1927a60f

SHA512
64b7b6ddb0bb0df4955c08c360d8a1bebba5479d55c480a09fdb05778a44b1ab75d27030f28ccc1264cce53dc5d8dfdea55cbb7721cc971c4f6e605682288161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
792125cb39b9bc559b66ffeeb392047f

SHA1
1be66a447be5b87f1867aac05ffd2c82fee64ba8

SHA256
b9c7689f763b841688d368b2fe45ed3b43878867e56dd053b600b5c662a28bf4

SHA512
b0500185e79fca82355fcf76390742c5eeb3233a77068adb3ae72f5a05151309847477a90e13e244d43956b88339b3ed68a14bc6db4802bd3e195dcd1f3e20ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e90b536bb1696f4df926b96836b79918

SHA1
33083d1329dceb4ed76044398b46dd758368f8a8

SHA256
9b247297dc4548a27c48e9acef4822afd70c5092afd939343fb26aaca0789e2e

SHA512
8d3bcb2719cdb6775775d45822005935028300446099964fdf8063e19fb4192795bd33d6fe66ff0721e0b2a13282c371777ed0f4738469317e54963a610758ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3fb87d74fcb170117be50306bb4b7bc

SHA1
889f4e8a4b70077d2866b845bc4e1bc121b711aa

SHA256
283911a94c9de1fcae656293b7e3e055b99dbb29e2fbc0e8f0b557cac8f974d3

SHA512
7a54fc38afdffac41e7ca813b1fe18cf7533a721f8c6088b308a7dc24d640fe316dfdeaa64a7402292023833505ac1cc9cd57969be0cf8c888f7d577f7957206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f740bdd628a9b5062ba204487994950c

SHA1
0d039a74d218c50100a3892d0fd4c06fb3f7c8a8

SHA256
1d5f18c725cb394d6fbe51f0fd33a5dcc471d18f20828012f24e665bd1e1d829

SHA512
ec5af592da6c04b49bd60a7f42e978536c17beefaecbc5b9812791dacf4a50ab8ad5b49131411a5f6c83f20f53397bc913249f7241c64dbf7fd4966e7483cf17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdcc7ad59f7ffd695af9a931eec673af

SHA1
eeeb73a8d487b70e2f6bf5846799b2d5c7e2205e

SHA256
83dd6f577f35c66223624c6d06be5c15e7528cb83549aa0d9a18d7bc54ddcd18

SHA512
0bca35fcf65b615107bea9542f879be456f68a7f957cd3e28ea28b4457e45148f70e8f2bda761db69e3e87637a14da039b6eb52ace79223d08f692d416b04106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d5ebf9a185455c66c7a6f25ea046386

SHA1
b8600144744994d11bcc4c56e7c136d6b78aae1b

SHA256
6fd4fdbd1770257ad7c44ee7cdb1eb3417b6e46e084bea2cbb0f8d88f006b010

SHA512
4d7dc0cb5cfacd1c90845e0df42a044a04285cd994b7120c337634a89cae4de809aa49f2f5e909ed16e14123c6785f566d260fa9460b3dbf17944898b8f7185c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE1F8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE259.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1392-7-0x00000000026E0000-0x00000000026E3000-memory.dmp

Filesize
12KB

Download
memory/1392-80-0x0000000003EC0000-0x0000000003F39000-memory.dmp

Filesize
484KB

Download
memory/1392-6-0x0000000003EC0000-0x0000000003F39000-memory.dmp

Filesize
484KB

Download
memory/1392-4-0x00000000026E0000-0x00000000026E3000-memory.dmp

Filesize
12KB

Download
memory/1392-3-0x00000000026E0000-0x00000000026E3000-memory.dmp

Filesize
12KB

Download
memory/1472-15-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download
memory/1472-465-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download
memory/1472-157-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download
memory/1472-0-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download
memory/1472-687-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download
memory/1472-692-0x0000000000D20000-0x0000000000E22000-memory.dmp

Filesize
1.0MB

Download