aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe

Analysis

max time kernel
147s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-01-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
Size

536KB
MD5

4886ee77dbc910da2e6bdb830eed4140
SHA1

330950e6794e78ac3d9f736c43a05317c8328b49
SHA256

aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe
SHA512

ae28c1174046e1e7a026304e3e0f2ba77700d12485c7a5598894d02a015d61f502aadd837e087f0434ffc163409c41c563c985be2f4b247b8053ab459ec19a76
SSDEEP

12288:Khf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:KdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3036-0-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx
behavioral1/memory/3036-77-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx
behavioral1/memory/3036-263-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx
behavioral1/memory/3036-610-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx
behavioral1/memory/3036-692-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx
behavioral1/memory/3036-706-0x0000000000FB0000-0x00000000010B2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\33fa38	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
1212	Explorer.EXE
1212	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
Token: SeTcbPrivilege	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
Token: SeDebugPrivilege	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
Token: SeDebugPrivilege	1212	Explorer.EXE
Token: SeTcbPrivilege	1212	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1212	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe	20
PID 3036 wrote to memory of 1212	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe	20
PID 3036 wrote to memory of 1212	3036	aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe	20

C:\Users\Admin\AppData\Local\Temp\aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe
"C:\Users\Admin\AppData\Local\Temp\aa75cbd3f282aca8d63933673abe2ea0597549a65e9fd49f5cd00976fc9ffafe.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3036

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da420be46c15402d0d3a7947b2362f73

SHA1
61a7f363891d2f71a087fc97f7fbcce7f9480622

SHA256
fdb77c0a8a698d6daa7e35e499c241760d8175cca28f3402c9e95fd790858e08

SHA512
ddf9e4a8084ce01c416731db4bc1cafd8623d75b93af3a69fbe4972972ec33563eae5978cb327af215b1515817c7e6decf23f0e2f39a934ec1ae8d00a67beaec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e88f2fa58f026800eecc5e19a07e993

SHA1
d2fde9924d67b43b58047996e9ec82b281397df2

SHA256
bcf1ddcd32933be56aecdf738544778774ef7868198960a42b039c76c034c7e8

SHA512
5be5ad4391c9015cfb9c29fdcff9548ddf69d6fb9bca1b84230475cadfc231898784175681ca5d00abab4576bb9a4cdb2fb7ab0b4a5584029c57cc915dee500e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4efac10ce671ee36923d6b37a1bbaa9b

SHA1
09b910abd9964577e973956336c99be57f744eaa

SHA256
2d893f157f28ae6fa147fa1e6be386c00c955fdd49c605101248a7bdd76f8ad9

SHA512
3d1fb11eb162a65d1670e581ba0d2581be984419f167fa23259294847e18713dba13fe26c6a24c5ac76371bc4fc36bc9532cc43220548a009a5415479fabb03e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d1206b77ed570c6400f2fe49b1e19d9

SHA1
035841edf83c8af7bcb5fbcde095f6330cc0f77b

SHA256
ee27698329a583c2d59705b2e8150c3822a9ed20cbd8785047e52c0db4925710

SHA512
37a79b868b58205a02c9e922b995e099974123c62d2c301a3d7b0b8c46110064e65298abd150034daa2d9915cbc380e930b573231ae6bf5d1d4bf882201d5414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d966006174d3454a33695a285d3f178f

SHA1
bdebc7fc6600b755107b535d621b316d543c023b

SHA256
33ca4b606d0e3b2ef1b4cbbf8dcab5cbdb26bb8dfb4f193d15a2b18eaa30a9f0

SHA512
594a6de998c69fc78ae0c2b7075c7d898cfa3ed96652006ae864ac97b0b161d2efeabc301153abed26556db1b3978937b0805d9a5e300d3dcfdec6e46048f3c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba610559cbcbf9f3b24441b92b683014

SHA1
f6836261f6017105f27c8f1e3c172a197672f482

SHA256
d1a4be2d56a633cb78aa478f3a47f4e9d852692d655038d1631feaa5e32ff92a

SHA512
357a6a96621100c3df42c83db697c36f44a9fa549a1b89204b70b1c2093e75bad36dbd81adea4c572cf7b608f3458c2e2b3ef8f39d105e35b611d4af0dee4e46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b04fe70c1fd45912281157d2a5d40f3f

SHA1
00f3d0ff7fcf2843a56a4f930ceafbb35a7b2235

SHA256
ba92c00c66f2d94d575affa8d6f267681ff6d32fc95da56601024d1911592e4b

SHA512
c30bc4b353db1094806f128f74a82de7b59748f8a5924b93fcecf15f04a298e84b4c009e9873ae8330077f23b468c192115ca088dd07ecb1bdcf5140d40e68bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab317E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3181.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1212-187-0x00000000041C0000-0x0000000004239000-memory.dmp

Filesize
484KB

Download
memory/1212-3-0x0000000002D90000-0x0000000002D93000-memory.dmp

Filesize
12KB

Download
memory/1212-4-0x00000000041C0000-0x0000000004239000-memory.dmp

Filesize
484KB

Download
memory/1212-5-0x0000000002D90000-0x0000000002D93000-memory.dmp

Filesize
12KB

Download
memory/1212-6-0x00000000041C0000-0x0000000004239000-memory.dmp

Filesize
484KB

Download
memory/3036-263-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download
memory/3036-77-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download
memory/3036-0-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download
memory/3036-610-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download
memory/3036-692-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download
memory/3036-706-0x0000000000FB0000-0x00000000010B2000-memory.dmp

Filesize
1.0MB

Download