b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179

Analysis

max time kernel
21s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 12:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
Size

536KB
MD5

b0e9bb688e7b2803b37456faf2a0bb3a
SHA1

b6ddbe3d1c1191f47b2173eb9625aa5133dcfc6b
SHA256

b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179
SHA512

d743d749b270337bb1180715e3126cba09d8f01c28b060358a3a7d4466befec26eb26f1182bff38e4eed53d04c910266606197b86f0e51d40d861532b0d6eddb
SSDEEP

12288:hhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:hdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2136-0-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-14-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-339-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-364-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-684-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-689-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx
behavioral1/memory/2136-700-0x00000000009D0000-0x0000000000AD2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2491b0	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
1320	Explorer.EXE
1320	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
Token: SeTcbPrivilege	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
Token: SeDebugPrivilege	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
Token: SeDebugPrivilege	1320	Explorer.EXE
Token: SeTcbPrivilege	1320	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1320	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe	19
PID 2136 wrote to memory of 1320	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe	19
PID 2136 wrote to memory of 1320	2136	b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe	19

C:\Users\Admin\AppData\Local\Temp\b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe
"C:\Users\Admin\AppData\Local\Temp\b8c82071dff869a7ae1497b0bc999f6e6a882612486b3a55b7bceb3a0018a179.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2136

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eaef245aa66b1c89d847adc44e038ed

SHA1
87199ed50d3c884b90ba84b5fa7f5122b516d740

SHA256
c0604e0700e883950a2bf9977d0cc5be6d5bc66be650f6dd68754f0a5e4d34f6

SHA512
cc93d5cb1ccc631ee7025abea9cd474f2c0440d8041e053c05b8689b586e047a435c3b0c7041882b08d433d91250efd79e42982618603f1a0032379f0ae1bbda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a733ac6915efefa8824f92fdb69c440

SHA1
37e6b3b2df466781fc068a5cf553468e5cc60094

SHA256
04d702dc9f50a6575a7b8a380ff737cf9f044c46ee3f0613f51e768a6338e68f

SHA512
19a09bc9d9f793b25202b67648eeeb232f9ea1b59d949dd87a65c7098775cc5f40210d2146e788ed0be77658d3be85f74583a49bf0f5dd7c0b8d10c9d60e9fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5d3ff2be50567fe6f1286af8e29f147

SHA1
5a3f0f477ca4744e2ab1f03782b41a579736e4ed

SHA256
a53245d0dfe5d8f18e8bcda3a0859bd5c770bf2077e3edb93817a506dec7eb7e

SHA512
c18dee733f144f320bd5e7c1d6ee1b21d6fd2b0240b5036950e64a9be420498194d069e61bd4fd176011077022250202952ea37a6b5d5946baa81f044f9e5bb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bba5b70f01a1e491662908918ba49f1

SHA1
243a94177f1882e4eee5dfc18e4ec4699efc7964

SHA256
a5ecfd1fff8999b728aad7960dc42ba19ab87147211c2bf091a8d4979bae0a28

SHA512
e1b77fdb9572a3ba23b6128626eff52000e9757ebcbaae1703028967f54e2c8ea5c8ad5352fa08406285c2b8fa3d21067f0f3ade02f88c8c789b8354cbb36eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37eba7004faad997de1350bbd7b899ff

SHA1
bd4fbb53594ab07f2d6e9eafd9d5059770c33bbc

SHA256
5beb89efa310479e46135caeface9c41dbf5e2318a747f4b4ab2c7de81302536

SHA512
51228d79459f4f598811ab94fdf6129c480253a6e615953a30fbc1a8d455cd22d9a6c7310f8aa8e19748b32a88a96501d8781b14ace8a4f2cdb3913ec6bb941b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
780b112c9e552aeb4f6a118aecd49b96

SHA1
d1597b2d3dd930249f4a796190b0cda1866ff7a9

SHA256
adbc29be74cae44ac823f7d72d99da096e774e13a7b2f48fb5e032494fb1444f

SHA512
4944af1a394b5fce4456f363c16d6442f0e07dc3ac433c429ecfa42d02ae8acc3b466671d330c0874e004486df98ae9615dd70cec19d2379ef57f6a363be1581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
255d1f247ff77322e9219e785a3f1ed0

SHA1
9af98b2dbbfe450672b2c6a39643f49059a51720

SHA256
a6b613aea5a323a16b26c6c071a0bb3023e96e2fa75d96b02d1d7b69948ffbad

SHA512
02f7c4c6513b3e0b25dda9102b33afd2ed5cbe6c1b20612e10e02d9f0c8d58abb9d7b541ed3a5dc667591dad9934a13471da2fbc7003386d3794e3886bf5a196

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4287da5fa1973e73b91205ad0a2bc2b

SHA1
b290246230a976fea981f908b95925c2dfd7b372

SHA256
2b641fbd3c50d09b107923e25634ac4160bcb2b16cabbae6f5b2f8c2ec5e14ff

SHA512
134f05eed634ae586bcee86767d769a3b62157e68a2d7359f7cece7b2f1ed522488c4838a09d28c6eef23ed39c833db43a5fb9d77fbc0cb9433705bc639d2b4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37489719da66efe34f2b96440d1e5f15

SHA1
8de0d4d1f543d2c81c63085721be9702d653bbf7

SHA256
c06045d7c6ffeca982e7ac8592b135df1add204982f19ff31dbdf07097d95867

SHA512
98efffaf78e6e3eb4b4caa784e3e730584b9a73d30809dfcf4186f90319c4010f359a2bffd7b54c50d3a2678faf61e3e21d463aafa48fffd81ed055c8fa06d42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29e92a58b93bf81c2cb1cb6b2fa960be

SHA1
7d5077605fb672aeb50ba5241c32ebb8595d3d5f

SHA256
4963e8cec22dae041542e96549b1270f8c246d2b12461162d0dd3f72ee681a9e

SHA512
936b447890a4ef784ca37d6e4e6d6c63fd15381c78e4d2cb4b0f1dc4d643e343567a67e088f2a9266a0a486cef36961b54038c018aac2252f5502d2f0ed2d395

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb02110e3aa0e11deb9ac440490e0dab

SHA1
c4467c13f0e1c0ecb4d8a00fb9cda21aad290199

SHA256
04726c037622c733200d3a152e31c8919cd7ab184320f66a78def0c42fe0a101

SHA512
431979ff7c124d6b18966bdb8a0254096d07be95191ab9e71b8ed5b9a56ba7661422e66116266c212584ee8c90c6fca0a14cfc0b9f69800f08c7eee1e9e0eccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA833.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA855.tmp

Filesize
127KB

MD5
d84b71bbfe19ba4d3c68bc30d796f0fe

SHA1
94cfc4afb1a212a6a47b90639ee2266f4a5e8764

SHA256
f10e3164846c0eeb0ddd7bdc296f8404336911eee897e071a39faaaf5211c864

SHA512
4848b5d5904434776d7bc992c06aa7c9a2d57b5a2d05bd7a52a96415399eb907aed2d7e0e393446e4b6d21c92331253b053df2395ea3523db18c1819fe549874

Download Submit
memory/1320-3-0x0000000002700000-0x0000000002703000-memory.dmp

Filesize
12KB

Download
memory/1320-6-0x0000000003F30000-0x0000000003FA9000-memory.dmp

Filesize
484KB

Download
memory/1320-5-0x0000000002700000-0x0000000002703000-memory.dmp

Filesize
12KB

Download
memory/1320-4-0x0000000003F30000-0x0000000003FA9000-memory.dmp

Filesize
484KB

Download
memory/1320-79-0x0000000003F30000-0x0000000003FA9000-memory.dmp

Filesize
484KB

Download
memory/2136-339-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-364-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-0-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-14-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-684-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-689-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download
memory/2136-700-0x00000000009D0000-0x0000000000AD2000-memory.dmp

Filesize
1.0MB

Download