8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7

Analysis

max time kernel
251s
max time network
296s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 11:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
Size

536KB
MD5

6042a0cb6be95f02ead1b8d75a86f225
SHA1

d03bb448e3180ca8eea676615a351639c6c16bf8
SHA256

8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7
SHA512

7b8c02c6c812bf05168458a45218c510f3d1a0187dd26ff9ce8248b2b0335a416cae0acfe280c76da5e9d699508e2386b1fcbbd96b2a2af708ec85961ea795a3
SSDEEP

12288:xhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:xdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2852-0-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-8-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-93-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-224-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-653-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-658-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx
behavioral1/memory/2852-669-0x00000000010E0000-0x00000000011E2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\30d3c8	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
1204	Explorer.EXE
1204	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
Token: SeTcbPrivilege	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
Token: SeDebugPrivilege	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
Token: SeDebugPrivilege	1204	Explorer.EXE
Token: SeTcbPrivilege	1204	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 1204	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe	7
PID 2852 wrote to memory of 1204	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe	7
PID 2852 wrote to memory of 1204	2852	8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe	7

C:\Users\Admin\AppData\Local\Temp\8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe
"C:\Users\Admin\AppData\Local\Temp\8eb91fa5e13fde0a5789c071b908cba9ac04b3df02d0e2821611483f1bd97ef7.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2852

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf01ac5ad5184efd998873fc491e82d7

SHA1
26dbc1940611067c66af7b72d3cdddcd94b83c43

SHA256
e8e0dff1cace54483d37cb9380da09e436c6e73e0a85dc3ef7579b0d2371e02c

SHA512
1bba1b6a57139cb0667a6f462a0fbffad6dfaa25cfb3e5672d67f6c7b05e5759123704989e5648256bfed36664bd886ed750b2326e07230d01849eaf37a521b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b63a0a8a8cc410b579dea915dc58ea1

SHA1
e48e909b192837e915ada7cc44bcf97ffbf65006

SHA256
347fed9d76fc96a28ce349c45c8809653b47fe19979a1e888cde94b8bc1065fc

SHA512
814970e9563345494f3ea256ef49ffebca57dc960919b7bfa55d81a2e311844123d6ba1fd70fbae4bd1142aa8554bd5af779cb6277fe7426bb84ffac0a0553ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efb6bf75659199580e3f7eac74aa30b9

SHA1
a04cd0e52fcfc9f23e497451ea357e82025ea1b7

SHA256
7240638aef3d46f19e3e8bf16d5d988663b05252f6086e85ac32ff7cca56e447

SHA512
41f007e06b9cf296a51365a4d303ba834b93ad784f33e63ba857f65d75268b6c3a7a0ebe3d40ef9a2dc4f07a4ad9c22229bc4b87524db79f36f5aa33001fbf2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9448cd998ba9e1aff90045f8aa25e337

SHA1
0d0e2727820174979a2f8bb31a9f6c72dc4c37d5

SHA256
f19a783898d8c7e97ff3c5b9f45b91e371c4ca61bc8795fdb69ce6a6182488e6

SHA512
72b5bcde09885c3cec779a1147e65376d7be0155437807f450fb6e39429b0418283f639ec077f063e304ba7a5496fa489febed92c1ca74d8ee8a0483f66dc088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1b19fdd4b29213b95cd6c96507d1463

SHA1
8e667223d03444b582d4bdc59b6fc30097ea6169

SHA256
d39a788d338c3857605317b547b5ab222951027e6a90aec2f38c6201ac251cf0

SHA512
d7023870fdc2c8d547629022aab1f791239f09a8c35f7a54300f3fae87bdfd42c980cafa003386edb17de7c1ecd934a61740d65154b1bb372fea0f2583aa1125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fb4f63cbd7fb1fdab26788ad78da5a1

SHA1
2ad4d092676ef93a143ddbf0b95d6854830a2743

SHA256
2634b084b8b800257257fc796e71af829f667676278f195366e10de1284097b8

SHA512
94505597771967f4e7f8344b94ec938ee96d457fce7a4ce87f1537f58c3a6f44de89021409a94f310fe050db7653571e589e35b6af5d8aa82ea5c1c1039f88db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6ed851ea272ed55ac89f0c642299833

SHA1
193decf38d34dfa0c93df189880adde9f14f3ffc

SHA256
0b2baf8f44eac7dc64367d3c6c7b1fff94aa8afd4bebd18d18002cb8a6b39f15

SHA512
9a5bd20985848ae9ce78b75425770193f2716b52a0253d9627ee9fc84e727578359c24d3def609e3814452977eb797d78b7e069ea6f4718051a792b9b14e0468

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
827fdfad3a0c34fafd1235ac8ef3af06

SHA1
9357aa6f84e363c7b32ad97c1e21a3c2d64aa2eb

SHA256
e232164dc8c69a2137a638fea058c68f7e85fb3b82c3851657be8d080d102415

SHA512
7ba21606b2cc4718470260a9055eb978265cd9955153093fcacfae102871bdf04bdaf8c086b852aab733b3fc3ab53cf31e03aefb373d2e9053029add09cef89b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fe9a93d2be0775cf5bb90993b98330b

SHA1
3904d406dbe0d2e3a5789e6ee339fbe52c5a0b8a

SHA256
916f663730491e4b53f8b6ab73dc62ad7fe6c1b555a0855768ec6d82cb7c556f

SHA512
fa917a1f499cbfc62d9013091d6bbf0d0da15e05fce09ac1bb9efbec0a15f595bdcc761b238c330f941ef8538d51d4999fa5c49b09a9cd2050840c0c6f0eb463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d433bd4e86b209fd3904f0111949aad2

SHA1
bf07670946d93c1db38c124fd7f924c3625bdaa9

SHA256
b8b6a03e86830e542cb7c949e0c2f72ed2b74539d73fdb6a02639acd12e07fb4

SHA512
f271225258698a728df7e343d79b764782544ff2929a36a5d7efe3b61fe50806de6a0e55b0fa93ac23498d8cac55faf7a0b7b05796de8470ee810a1601dc5abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBD1A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD4C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1204-3-0x0000000002A20000-0x0000000002A23000-memory.dmp

Filesize
12KB

Download
memory/1204-7-0x0000000002C30000-0x0000000002CA9000-memory.dmp

Filesize
484KB

Download
memory/1204-6-0x0000000002A20000-0x0000000002A23000-memory.dmp

Filesize
12KB

Download
memory/1204-4-0x0000000002C30000-0x0000000002CA9000-memory.dmp

Filesize
484KB

Download
memory/1204-46-0x0000000002C30000-0x0000000002CA9000-memory.dmp

Filesize
484KB

Download
memory/2852-224-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-8-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-0-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-93-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-653-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-658-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download
memory/2852-669-0x00000000010E0000-0x00000000011E2000-memory.dmp

Filesize
1.0MB

Download