313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
Size

536KB
MD5

c96402fc0c0c36808c754b4329bed5f5
SHA1

05ff2d88b6249ed0b49e48271189b1eb6c4ab033
SHA256

313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69
SHA512

7230c3a02ac6140eade58b213a54d293ef347fb6cb9533b95bcac43d8392e48484c530667484015cb9a6c0a14f8c9a71cffd0c08082a190c20037ad8151a9256
SSDEEP

12288:xhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:xdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/776-0-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-8-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-192-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-264-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-657-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-694-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx
behavioral1/memory/776-699-0x0000000000D10000-0x0000000000E12000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\d4910	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
1264	Explorer.EXE
1264	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
Token: SeTcbPrivilege	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
Token: SeDebugPrivilege	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
Token: SeDebugPrivilege	1264	Explorer.EXE
Token: SeTcbPrivilege	1264	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 1264	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe	10
PID 776 wrote to memory of 1264	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe	10
PID 776 wrote to memory of 1264	776	313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1264
- C:\Users\Admin\AppData\Local\Temp\313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe
  "C:\Users\Admin\AppData\Local\Temp\313bea716c38f84d2c1e25d2756ea57058b0f9fa568c87a6f63b81ab1685aa69.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94bd389e4c5997727d0184b6a2c9ea97

SHA1
518872b3ec9492e8b43b27a59f3c4d5f33fa6a17

SHA256
d82fb64ac3b46c2c7238211e498eb269634a5727b2d859a588b3099a9e845701

SHA512
8b93b3a6ee52f9d010941e629a5a254af045d4f975fbdf2ecad224de727048b45299760a7ac6bf74a2bed4fd4f9b01af9c915d5d77a24f06ddcc32fb9716ef8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efe12a6afdb0a4f7d37d723a2e86ea0a

SHA1
0e8084eb4ab5d17ab80649c48c8bdae065e5a34f

SHA256
d2da718b02d99be1381d63cd1acf15a6517ba32ecf3ef5532e35acbce8c8ba11

SHA512
3f976893cf66fbade75f5be22aeac03ee71790802db8756222a6fc6a36ac0870159b8dbd28ec46360aa75f59b112005d11f7c2a8057a3860493092ad9f779269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95ff581e56b2f1d7047a20ed18fc2bbc

SHA1
031e8fe26bc11d90f32f49460c60e4b6a69d65f4

SHA256
d6c6bcf31f510d5e12f64ca86bdefb6011f723d5811d30cf9fb7fd81ac634b2f

SHA512
047490a36c94900697b0452bf9a4eb35fd4835ca7c260ecb26b8187f07a61d9c615144e1298f0c19cdd7b9f12f8dbccb5f7554c6ea12f528f08df5e45eb0d4bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c7044686004c24b7a744bae3f3b1dd5

SHA1
f010f7b63b6e096525f3eaebab6793485bfa42a4

SHA256
2deda29b26ae515cbfbd7c0bd975a9fbd95930b04ce1e24b1809cc261e899331

SHA512
606bf2ee571c0f87cc0107b4ae8539cecb49dc714eb27a61236abde1412195ab63086d8cc1f35a83fb0feb7262396d5aebc7052eff11b4b28a2edd88d1438c6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ac1c9b5e9e1d264deb5f9b2573cafb4

SHA1
e08fc0ba83c457d3eb73dd288b2d597ec84e18f0

SHA256
0c807d9f984edb251ef40070a4eaa545713f7de7fde85fb65a19edc7222b0b64

SHA512
1a0d89d461b8eaa9387b1e59be6ab7d41bf7b8b9e8bfa3da94e607315109b9b24c42138fd94944da268f5febacfcce64449870be260bab649861fafb9d57ddff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d1ad14a2c8843023ddf4d81584d8654

SHA1
d1aa3ff125a18811eb3c4cbf17aa6d89e1e6139b

SHA256
a538705210d47dfb7377655780c0c69aebecdabc77073f6c4b371fdef17da46e

SHA512
0ce73f59008a2eab09d4d0185aadee4ec77af41e1d85f456fffed3309ad1db711404130c358f8b7b4328e0165a9912eeb91a287b798dce58e89bbc33c63bde78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20cc14501e3a1ea2591d92fb65b8d0bf

SHA1
a01c54266e691fea5c698a13ce038b2e69e3c338

SHA256
36b87a91a687caa727846597d62c5ed3526f24cda957b68abdfdbba8885c3322

SHA512
b646b7ac12c9493f3201fa3d8b0e40ce4c3e3fdc800571c21c02a87d40ca4d43b081227e56a893bbb569f88837bcd1cea290c6ffd4570a4717d4fef2506a03c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDEBD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDEFF.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/776-8-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-192-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-264-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-0-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-657-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-694-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/776-699-0x0000000000D10000-0x0000000000E12000-memory.dmp

Filesize
1.0MB

Download
memory/1264-53-0x0000000003D30000-0x0000000003DA9000-memory.dmp

Filesize
484KB

Download
memory/1264-7-0x0000000003D30000-0x0000000003DA9000-memory.dmp

Filesize
484KB

Download
memory/1264-4-0x0000000003D30000-0x0000000003DA9000-memory.dmp

Filesize
484KB

Download
memory/1264-5-0x00000000029C0000-0x00000000029C3000-memory.dmp

Filesize
12KB

Download
memory/1264-3-0x00000000029C0000-0x00000000029C3000-memory.dmp

Filesize
12KB

Download