feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 12:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
Size

536KB
MD5

96839deca65c58e99f48c6b5afbda692
SHA1

59cc1b8d8271329681e08716225d4940005bc8be
SHA256

feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4
SHA512

9b78cae84a264a5d5f1a1b29228a1052c78eb9168b738b3726d7a8af0870bf4fac271f73b6b40ebbec99f8640aa4dbe1bc16e109f09fe23a992d44908730ae4b
SSDEEP

12288:+hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:+dQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-8-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-389-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-504-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-611-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-757-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx
behavioral1/memory/3048-771-0x0000000000B70000-0x0000000000C72000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\342ed0	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
1368	Explorer.EXE
1368	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
Token: SeTcbPrivilege	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
Token: SeDebugPrivilege	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
Token: SeDebugPrivilege	1368	Explorer.EXE
Token: SeTcbPrivilege	1368	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1368	Explorer.EXE
1368	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1368	Explorer.EXE
1368	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 1368	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe	13
PID 3048 wrote to memory of 1368	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe	13
PID 3048 wrote to memory of 1368	3048	feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1368
- C:\Users\Admin\AppData\Local\Temp\feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe
  "C:\Users\Admin\AppData\Local\Temp\feb5168f15c7e3f8312200211060fd15d4359b084a839cc4577817c81c81dde4.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
27b07a06cf5bf4a4776a47a29ca62c4d

SHA1
ea09bc40cfb2969c05874730e9e7d6d7aba26357

SHA256
2790dba5f258b4ff0dffc5e6eda4a22dcf7c9cb0ac0e8207a9a40f773fd8515a

SHA512
01a6f0c1390216cb721d0ed439ffb5dfa04daeadf20423a59594d98ab57a50c7ff93f376ebf1de07b2cde6d6ad7ddda224c050347382fb39c759c1caa838b916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5efac2fa933c86b7eb98b3a80ed5d4fe

SHA1
958f80f3f48dee89d2d5445c6cd17475d0be1f85

SHA256
3370b79543db8f7457724a6e21aa8aeca0b593f1d768b7b202693cfabedb8cba

SHA512
ba8b1ae3ec4fa4b2ac15cf3f85f975fb72b754486bc333228c9c37a4532057f9bfd60cb24dc3d81a5bb02492d459ac892ed54160aec3ec00b8ef90c687b3a837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b2235ed52889ebf22be581b57b44551b

SHA1
a463dbb13fa6051d1afe0fdc9785f895c89a3963

SHA256
2affe4e897740ed5d3eb078d3e33dfff6b054aa8f9732ce33a6499fe32c86b9b

SHA512
1f368446c7774d76585918e2320106cd95c9603819d87f8a1c92ac0202480ef149d64530a53b3cf5fac81c77c7871ca1b902794ff999d89727e5e2890f22634c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
76525626ae69858c38152f3ef48d34e8

SHA1
bc1b9d33b5c954e2cc88de204c9075a1c9486370

SHA256
f6c26df60dc82a627e3b0648da84be1a9b4763c28004b94df4bbe2080e08c55e

SHA512
c4b627a05223f0fe99f54123d1f534b2deae078aef57fe93180c0578de4a1eba14499f9753fd537a21e37820ce7eae0dc0c088a22eb32c0a875d0f0635cdb2dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6c90a618b9f9e5fe46a32eab31331a5e

SHA1
8559cfa769abf64dd37e74ffd773cf764046e0ab

SHA256
ba62b5edd61ddc8a8acf9cff22c0598398c3f13d50464616c99872565299f7e7

SHA512
a8e9c3405624d8905094bd33331fc39c2571437da0be4171ed947bff3ff262218ed2911f3a950035370b94167b4ac462288fb3e31a7e71ebe14c9d8197109d4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e090426f8cba31db85e04c97a3c3f780

SHA1
c4f3e94434e6caffd455b0b41ce3cdae3249d0fb

SHA256
64db270beca73e2a72445d944a9cb6342ba396f3227bbe2ef13a3460b76ee614

SHA512
3236745e3917f81999b0032bf05f4ee4c317c4c45ff3ba7c2652570f1ec3240e88dbb5f1843aaf4174fbfad54974beb5e79df41794cff944b299f470fd523efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fd150f98b0a172723db4566fbc177610

SHA1
56d251a2782935e64356af81621fc1fcbd3f0e66

SHA256
1f31d4a0cdd186d541e2789c15d6753ed21dbfec849f119af387433af71fa0c0

SHA512
9371b6fb6f7b900b6100f7124a56bf445fd543a49ccb1a430a66b18f09c7779d844e258f7521301fa7aac6aca66e220d60a8b461699d203d0974543ba76abc51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
29e3097755dd045011ab3f2b1980d72e

SHA1
9728e0d5e9869691722b03d0d81e7f98205cbfcd

SHA256
c94718ef5cca3cc316e646d5e4269d42bbbcb027efd986b1b2c9ba1602698e56

SHA512
e81c031e5b7162a7ee667d887e72a16351a9e738a12a9b0e9255e9a4fb029067cf89ef990dbc3360953a3ae8315f99e5120a49e69325131543eaaf8b01160a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4d9ab81e063e2fd85cee96bd0fbea41d

SHA1
21cab1076e6ae267acb33758d93b6a9c1a222d8c

SHA256
e0e84460b3e5853e9368cb8c226e720a972809200177ca76c61b3d74cf0f0cfc

SHA512
f96113ab0cf950ee5778a69e7ee4285e8b3f5d44eaec92d7e8480c088cb104be2d40c0451a04687ee6bae7297a8e87c608e1a2453046ee381bc51c28a03a5723

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0a2525037ae0c62bd56449919107b22d

SHA1
0673f33f2a1175b8d7523968f2165b3fa86a2da7

SHA256
de37c94bf2b712a34f11813357ce6561a641e45a9c1ca582f842efd59d930c00

SHA512
1054053cc92e7cedd19915312b411b513202df7f7911b98377965ff17fd0b9e0b8cb7d4a6a5bb62aba103962970d45c9b4aa31a974413653dcb9ba5e825d2238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fd14082bf98e437241499fe77334314a

SHA1
fe0fff15000b8ccacb902dc4dedaff56585fe098

SHA256
c2437bb002227df2f5c3dc8bdb80d7e91a45d46dd54103180d8e0f5ce2722e76

SHA512
3a7a1c8d3d2f4f407d7e3a1ffe8fb0dac5e64252279ae9981b5a212cd11e7c40996aa1057ed990a3946e6009a13d957302bc4c57aae7f83e73b74c4ba2a0af90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6becbaf14931172ece14dd888856a426

SHA1
c35c8ffe556b2f157e9b227da880e47cbfcd4574

SHA256
0351b32e4fd2cd6ae8d380cc6c975a30e67672e710d7ddc7aaefc2e0f3d738c1

SHA512
37f24830402ea208f6697298070cf363105f030d6981766b5a59d86a48ba1d1d2da61c310706f3ee106a2122c5d055f36eb12169b78c89e0a8c8b6b628a41423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
000c9e1b96f6a34e445fd786470ad8db

SHA1
86f26b9e17ba63c0213301ea83237251e4703996

SHA256
a86bca266797bfe25fab6585a537b2ac7f0c811a5ef8fe7f2437d1775e717088

SHA512
0f93bfb8520f013849d983c6ca631a9cbb233facf031e9a7127f5a2b649d413e64bd6da1e3904e89919da298c2df72d4adf5285366201ef4e66df31e5c2a6fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F7A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1368-3-0x0000000002E90000-0x0000000002E93000-memory.dmp

Filesize
12KB

Download
memory/1368-6-0x0000000004460000-0x00000000044D9000-memory.dmp

Filesize
484KB

Download
memory/1368-4-0x0000000002E90000-0x0000000002E93000-memory.dmp

Filesize
12KB

Download
memory/1368-7-0x0000000002E90000-0x0000000002E93000-memory.dmp

Filesize
12KB

Download
memory/1368-46-0x0000000004460000-0x00000000044D9000-memory.dmp

Filesize
484KB

Download
memory/3048-389-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-504-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-0-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-611-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-8-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-757-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download
memory/3048-771-0x0000000000B70000-0x0000000000C72000-memory.dmp

Filesize
1.0MB

Download