a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
Size

536KB
MD5

0ba3a9821815ed40b00d8929d75d6188
SHA1

df20fba2725c2cc895e591de0392ce64dea280fd
SHA256

a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781
SHA512

aa68eb8ca8c56c78c450d49acfa19a78ea38ddecc4dfc365a8e326297141e7b90fe42775c1bfc98c68662160f4f42dee30defa2f7c276d6738981ba8e2fdc302
SSDEEP

12288:Ghf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:GdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x0000000000A60000-0x0000000000B62000-memory.dmp	upx
behavioral1/memory/2100-8-0x0000000000A60000-0x0000000000B62000-memory.dmp	upx
behavioral1/memory/2100-151-0x0000000000A60000-0x0000000000B62000-memory.dmp	upx
behavioral1/memory/2100-650-0x0000000000A60000-0x0000000000B62000-memory.dmp	upx
behavioral1/memory/2100-691-0x0000000000A60000-0x0000000000B62000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\23f3e8	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
1420	Explorer.EXE
1420	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
Token: SeTcbPrivilege	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
Token: SeDebugPrivilege	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
Token: SeDebugPrivilege	1420	Explorer.EXE
Token: SeTcbPrivilege	1420	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1420	Explorer.EXE
1420	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1420	Explorer.EXE
1420	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1420	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe	9
PID 2100 wrote to memory of 1420	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe	9
PID 2100 wrote to memory of 1420	2100	a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe	9

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1420
- C:\Users\Admin\AppData\Local\Temp\a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
  "C:\Users\Admin\AppData\Local\Temp\a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3834b780c0104c853432f2e24248e28

SHA1
be9c22e68c6f85fabcb9b66cca24c1458bab6b7b

SHA256
be200ba39f97cfaf71791989d4201260354123e619f6812266eac46ed8eb14b3

SHA512
ffaa5a350e5290eab9aa9f54865f9fb252a2eed5337feb7c70dfb7dcce4b1ddb9495b82e652ab8df907a78d6dab622906272049a5aba158fefc2921412adc2b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18bc08e70e757d8d0814461785298f3a

SHA1
b3c44e0078489620d68d2dff94da4ff32a3a44c2

SHA256
eee1ab83d7df1ed6c868e30d359d790d62d67ceed59d1c0ef4b31c2f67a3275d

SHA512
88782b7326fcbc3cf1f606fccf1fc0b6be6ca48cd7ab2cd15cb52535040b209db21332620dfa61a64a3b212831c90aa14cbd730b63f4fc6a65985436e9970220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12c060b89296271dc8d6d8308b0739c4

SHA1
f1c2fa336bae101b41a6b31965b4e0c9f9555760

SHA256
a2448c5002807aadcc476c41afba20ef127236feffbc5f87ba0d3a699b3f84b6

SHA512
7cc75e0b577ddb14a0ac0713d49e7cddc7f5bde34cb9350637a1c2167564adddba85cfd30f7cac2ca0da6c67784861736073206d96b81bbff3b1df192b6ec3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
082e9db878fcfb8e0f71da13e274dd12

SHA1
7ccdc42c6d485958c569b4bc601a5e970e614b46

SHA256
7ad9adc51bf74d1da167c41a7a7a584040094da89b8efb6ec79ff541455a88f7

SHA512
4cd817efd5077f455e38e257a44758f536ad91b37bba8f2f67a2b49256a7a0222c0ab56d37d24d6edfbd2a16ba35566ed96a72a5cc1f928141983195251ca9a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
356caa74f567c17ab876576d3c2e0d7e

SHA1
02f248ff34e2206dd8896f7bd73499d4c6d442ef

SHA256
d576b09e0755130b68c38d1588a525680bf2efca1f545d4a0c6eddf50a24eb20

SHA512
443a9f7edd06e1b3899b330b5633f913929ee926f024378f82f6fe333f47c1c12f7e5a2adf1438e0ed1c0be84194dddb831f716cfcefce53bd91612b2e41549d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4e191ceeccd45357b0a76ed1e7c8896

SHA1
a3fa30d4e442e7922e1659d02dc0dcf12b996017

SHA256
28560893cec826b840c60e0d36335de6096d3bb50a4f6023f099bf2fb13d463b

SHA512
905d07660a57c24d103bf4e988a810f125be807ff883fac1b5f6ae2f1ad6007a987ee67a77a543f0f3318a3ca7ba45b38eec797398d5315ec1e8a84f76d59781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d882640114fea7a3dd5901aabae9d34

SHA1
b6d3c377e0327e0e580314cb4c0a216c7f2c6687

SHA256
aea897ae4b40997a645980aad81cdb2ac0483b86d65bc04baaf7eaf7f75cee0d

SHA512
e498ee1bbebbb660dadca5eafd8aad3090aeec3bfd08cdb367f97b9add5a6e8362be8fb41fbd1867ad2b2b4a0c1dea6f88867a161192e3b34f31e1edfe61a611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f408ef04166e0087c18ea2247e8f4dfe

SHA1
9ddfa755e20bea8ed334a38ebfc29c89fc446b15

SHA256
411d8324e93f869bf362a2227a94601ce1750ca37362d4365acf04899cc41807

SHA512
d0e7133abbdf6acac69334ac3a09677dc48df30274b8138661b0ce14d0d82521699cfe4a87cc4d5e83434a0f11d37b85e48589f05851a941fc0d715b3013175d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6677a96df5157fc095f3f1b879c8b00

SHA1
df0df3fbc4d6da0cace4ee526952b1ae65653147

SHA256
376ef8f071477fed8b8e50718c08cdf446fc3db92449b5add11194fcb161ed43

SHA512
73f94b5ada9b7e9ff0f72ad9308262a180fd32dda187498d21c7a9b312af1e34d08b6b6f8636a5d8788a36ace44c6bfc078b9033b663ebc620086c8d4c3365dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33b3ea7a0f5292144840c2486ee7ec3e

SHA1
cab1871d8e8744a2d088bff6ac295b312b30e380

SHA256
f373d24c51904595b48a29ce9a196fb3b0eab320c4e70636e69f4683116c0c0a

SHA512
498cf2d56017aabacd53d9aff9b0e543a356a4de11c377813993d87da7dd6f93c85b5c0b5673f57cde7682feb09458ffaf5d2bfe7192e6dc091e94c62e81cd3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
278dddc02207f7bbe2e1ed3775f40baf

SHA1
094a13cdb52ba07e1cc55b79ba7756e193178e17

SHA256
9e196c968b8fc1f2dc9a33f3e32a39e2c574e9ca077d0ec5055fe5b75817383b

SHA512
7ec1f640ce00e8c60b1edb1d0b5e62874fda888a630c0b2938a419166cd1f99db703fbe8d8e4a0ee63c445e866878035341cc041492d739c3ce40d8afa55cad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCB6C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB9E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1420-4-0x0000000003950000-0x0000000003953000-memory.dmp

Filesize
12KB

Download
memory/1420-5-0x0000000005D40000-0x0000000005DB9000-memory.dmp

Filesize
484KB

Download
memory/1420-3-0x0000000003950000-0x0000000003953000-memory.dmp

Filesize
12KB

Download
memory/1420-7-0x0000000005D40000-0x0000000005DB9000-memory.dmp

Filesize
484KB

Download
memory/1420-44-0x0000000005D40000-0x0000000005DB9000-memory.dmp

Filesize
484KB

Download
memory/2100-151-0x0000000000A60000-0x0000000000B62000-memory.dmp

Filesize
1.0MB

Download
memory/2100-0-0x0000000000A60000-0x0000000000B62000-memory.dmp

Filesize
1.0MB

Download
memory/2100-8-0x0000000000A60000-0x0000000000B62000-memory.dmp

Filesize
1.0MB

Download
memory/2100-650-0x0000000000A60000-0x0000000000B62000-memory.dmp

Filesize
1.0MB

Download
memory/2100-691-0x0000000000A60000-0x0000000000B62000-memory.dmp

Filesize
1.0MB

Download