4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d

Analysis

max time kernel
147s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
Size

536KB
MD5

63a8999de9b22c5df53ea9888af6ae42
SHA1

db8e7d5a93a19f06b7e12fe29b82f4165c4b11bf
SHA256

4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d
SHA512

0bb4823bed4dc9d9adffd12353a092f0bf1780107922fb7940940fd3b28f0ff0cda6f78cc21efc16701fc6cbe61d6a130270dbf7360692c273fa74f4f3ee733a
SSDEEP

12288:Qhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:QdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2252-0-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx
behavioral1/memory/2252-42-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx
behavioral1/memory/2252-289-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx
behavioral1/memory/2252-446-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx
behavioral1/memory/2252-620-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx
behavioral1/memory/2252-634-0x00000000012C0000-0x00000000013C2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\268e18	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
1220	Explorer.EXE
1220	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
Token: SeTcbPrivilege	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
Token: SeDebugPrivilege	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
Token: SeDebugPrivilege	1220	Explorer.EXE
Token: SeTcbPrivilege	1220	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1220	Explorer.EXE
1220	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1220	Explorer.EXE
1220	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 1220	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe	7
PID 2252 wrote to memory of 1220	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe	7
PID 2252 wrote to memory of 1220	2252	4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe	7

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1220
- C:\Users\Admin\AppData\Local\Temp\4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe
  "C:\Users\Admin\AppData\Local\Temp\4e32274611020738478dc8ec784aa00bc78aa9546986ee16dc427ed9c1effc4d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05ac57a2a42fe4df4c22b0be72e373e7

SHA1
eddecb1ae7bee7b9df180dcedb1f89d78469e839

SHA256
26a9cdeb192bcafc958c70200e04ed057554facc965cf3f5a9d1e7896f41a3fb

SHA512
24c72d14e7c50bc13c78c9a6e230be47005c7bda83f7d8bc8b0c4862e63876725a234eb5d9087f923db45d01384c9edace4f3987ac5d60ef825b58c3bc6c3bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
700851df26c1fa844c85b74bf466314b

SHA1
e87fef3498597b6c900fdca712d4dc090105826a

SHA256
4bfeef8bc061a4e7a7b549e057309aeaefe650e7b8748c0b7e87b07ddf8e489a

SHA512
82623041cde6f4302e2bfc86b0864660855830799867097f113735135c3e56804c5246c3f0e3888f23a2290de2ebe3320af407ce92d21f43598066d73c166409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d4ee8c63209699bebcce6e5b6d57d70

SHA1
a8864b2bee5553c40eeeab69e465d3a3264eef14

SHA256
f107567f307f37b65d8f25fa04fd542ac2ae5c12ab527595b08eefa2d364b170

SHA512
2344d0d075d776685591a6346b78a36eb2f92b73e320f7fd9840bd06d630951e9e71e02a70ac63d2eea8833accfe9be3960a52b24d1f0d79e4621122ec8de3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbf777737c4e2cde589bb1f3181e1fff

SHA1
cf5a2bd75234d6a5e8cd9d284a226994b589a4cc

SHA256
0beeb9c03b0467c7ff7ce80a429a9071b56441f4dedaa4cfa8454fff616f611a

SHA512
e10f8a1fba6fb0f45d094b1549572e8c330eb855b21afcb49c0084d62f15540578da20f122e8d0fbf4ed7f6678082584e63a6997846ea74c19147aed24b42f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f58e01e97dc8d6bb23f959623540344b

SHA1
616ea4271efa0060e0322e6769af6fb9420af50e

SHA256
d1ac59bc4eee2e5766a52d3de01286d912afcabe10c2155a2a3ae05359e91ee1

SHA512
f833cb78fe5e665e6cc91eb608cb09a701d7464db22962434ca616c160025bd74eb0622963537e20ce4f215b8e7a35aeee808d60ba3207d8929006c8c8c1bb98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ae45299e966fde33a78970c3bd173f4

SHA1
61fdaf6db43076b8bf836418cacbef20aa6718a4

SHA256
454aa9aba3b6e0f245bad9533fb729d1290984a0e674d9a02302f39e822c3e2c

SHA512
dcbd284a85c74b834aa8f76fcfa5231823e52b47cbdc7956b259e41aebc6b24cbce756f135353ea07c528e776b213b1922a1a14b805fbc4446f11b3d9f3c1ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5256b9f522c032909278ddd2a6825ba0

SHA1
7e1d0131e22896b9c38d712e66af7e523d4cf43a

SHA256
3d16aace83a38067a5f9265f74c4f9797fd9af77639941216cf1b103a0036b09

SHA512
e35c4155c917fac3ed770f9caf82a7f2a336cc00d21a82abb628ce6c44de7e06d1b8a6ec45f2b121a2c803c8886a3179f23d21f795e657d4d30d5d7b74315673

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab48F4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4907.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1220-71-0x0000000004140000-0x00000000041B9000-memory.dmp

Filesize
484KB

Download
memory/1220-7-0x0000000004140000-0x00000000041B9000-memory.dmp

Filesize
484KB

Download
memory/1220-6-0x0000000002520000-0x0000000002523000-memory.dmp

Filesize
12KB

Download
memory/1220-4-0x0000000004140000-0x00000000041B9000-memory.dmp

Filesize
484KB

Download
memory/1220-3-0x0000000002520000-0x0000000002523000-memory.dmp

Filesize
12KB

Download
memory/2252-42-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download
memory/2252-0-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download
memory/2252-289-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download
memory/2252-446-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download
memory/2252-620-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download
memory/2252-634-0x00000000012C0000-0x00000000013C2000-memory.dmp

Filesize
1.0MB

Download