8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782

Analysis

max time kernel
151s
max time network
183s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
Size

536KB
MD5

70054579e3bcac8579c103da9a50b14b
SHA1

8201df1855f96a50cd3f95645cacc3fd2f5e4c2d
SHA256

8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782
SHA512

73042c48371dd8128b88884d2a3ac983cb341a6efdc3c823ae418ecfee2cf4ded822fbbb9f40974c4bd108e929c76c88a96f6267d656cc61300e5519d69188a3
SSDEEP

12288:Rhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:RdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000830000-0x0000000000932000-memory.dmp	upx
behavioral1/memory/1728-8-0x0000000000830000-0x0000000000932000-memory.dmp	upx
behavioral1/memory/1728-184-0x0000000000830000-0x0000000000932000-memory.dmp	upx
behavioral1/memory/1728-659-0x0000000000830000-0x0000000000932000-memory.dmp	upx
behavioral1/memory/1728-662-0x0000000000830000-0x0000000000932000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\1d9580	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
1252	Explorer.EXE
1252	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
Token: SeTcbPrivilege	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
Token: SeDebugPrivilege	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
Token: SeDebugPrivilege	1252	Explorer.EXE
Token: SeTcbPrivilege	1252	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1252	Explorer.EXE
1252	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1252	Explorer.EXE
1252	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1252	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe	21
PID 1728 wrote to memory of 1252	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe	21
PID 1728 wrote to memory of 1252	1728	8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1252
- C:\Users\Admin\AppData\Local\Temp\8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe
  "C:\Users\Admin\AppData\Local\Temp\8debd2fca7068132a614e4b32c53d8708e6d415206119d57869681a3268b4782.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
680bb0fc3d179059ff3a2be89c9b0b87

SHA1
572eb130fca8b37aac0e1a4a468abe1c889f5953

SHA256
8d6758026ea25e4ca2f32bb422b6bf6189821638380996c128826a3afbe7ca5a

SHA512
19f92b8374c3545afd6da8d94214db3be1e4c3c1eda990e45e1fc128049166ec966e67004a19f429e5afa142c4c2820ab54d32f8aa53deb44a0b20172e8517e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed682db574fa7c6d2f2793b6f95a5768

SHA1
20f66bf2effafa894ececf37d6cc41366090a65d

SHA256
8013e2de8c62965b4d2a987b0149c9b92fc7f06f595305aef2176ad73da174aa

SHA512
828b27806859211da3e313dc7318603f801228e5cb18cda5d4e163f1a4cac5902a004d78f683be65d058704f4cd6ebe2009b35eaee61bd2b8d2256ffa736d33c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eee9e07208be6f4fcd5f48fd0d91a87

SHA1
5d0c1e8e082537e3748b0cbea5014385a1423c6f

SHA256
b211b464f482cb4d41de75dc03e39d5cf5d95333cf7906ac5ff392ae63675496

SHA512
559234c1b85f7b9874b6ad49e7ab2b2f119831120b28c59b1a02325defcc9ee9562274af48f8d77f0e9bb94af425372c59fd0f3cb732b72c73ab1b0899765ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e9524db55d7eb82e867aac9eac9d79c

SHA1
4f4617cfe9cbaf0e0d4a0f50d83cc3755800ed13

SHA256
1d0643047c880ad045e555d0ac83d1ba9fc39fd5a8682a698c3f3a482ff6cb08

SHA512
f1243913a0119ac4384ca6dadb60ff186047d0bb442b0fc394cfe12115c291c8d931ae226bb0f4856f8f86edefe2baea8043a4cd2c2656ba8869e66b5305c5f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c00b51a7a5446d0b27b3eea46aabc2e

SHA1
cc0bce8583a25c1bf04762ec00aa959bde4dca3d

SHA256
fcc5dd307cda3ac15d937d09f7bd0911ff1671f884cde86fcb7d6cb8aec35087

SHA512
aef0d92efecc3fceed183c1058de8eb14232132bc4443440eac1eae4c804e8d19cf7d2e8c9e9d4cc848837718670256f0d7249737efe4472136f7df13ab0c4fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51b391fdbcb867cf3f839e783a64b6c2

SHA1
21cebb389ec33e9f18658a6db31dc02b1fd1d884

SHA256
f9558cf8e6b7bdd8bfee92c4bdccde7c6d2b718a5834a72baa91f339a48c7f74

SHA512
0720d273b8381b91752de290691539da5f53f389ba54e5b94fe22f07907b2bc84ca7c4f121b8a3839cbdfe8650167a079a3cfc0dfa5d2612b8a252f1157cdd71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4857b558b980090b3c8391e5d8ce21b

SHA1
52bac9f18c7ef80c713c0c684b2601556a06aa89

SHA256
e3fc115b6addb60fca3a579eedaebe835c1dbd2818730cccc3ed870b014f4fb8

SHA512
f9d5fa66ba11f1b0480fd1452b79fa556b087bf646391fcf7537514e1be4ac25cc6a0bc6cb79394a50a813eefe542211bfe5e28a6279f8e67be25bcc7183049e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4948902bd62e6924e5e67627c10c567a

SHA1
c916e52f4700bc64734c59e08d74ffef94e1a581

SHA256
fc07e424fa48e4c6cc63eeb70e7f2e84f574f9ac54ebd849e2c41db887db4b55

SHA512
9b5186ca88323ebf3683cad83da7d7fe5709e26cb8be528034549afd43d9b93e5cda2b38a3828e80f6d0a91e1a1c0fd44253f43bb27ca6f5c05099bd6c235f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13a1615738bde3c84b2c5f65434f1e6c

SHA1
e446970fe0646b1a4695fcb984ef3981bb04585f

SHA256
d063b2e49653078c6da48452309cddecf98f26ff209107de65ffa060818e803c

SHA512
4a6a429486e36f9125b8fe7b6d3d7c009d699842651f221f5027385a9e90efa7a63064916a68799580f408e302ed4905e6db5cc7eea2bf8c74d4d95cede5ee0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF25C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF27F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1252-44-0x0000000002B10000-0x0000000002B89000-memory.dmp

Filesize
484KB

Download
memory/1252-4-0x0000000002720000-0x0000000002723000-memory.dmp

Filesize
12KB

Download
memory/1252-6-0x0000000002B10000-0x0000000002B89000-memory.dmp

Filesize
484KB

Download
memory/1252-7-0x0000000002720000-0x0000000002723000-memory.dmp

Filesize
12KB

Download
memory/1252-3-0x0000000002720000-0x0000000002723000-memory.dmp

Filesize
12KB

Download
memory/1728-184-0x0000000000830000-0x0000000000932000-memory.dmp

Filesize
1.0MB

Download
memory/1728-0-0x0000000000830000-0x0000000000932000-memory.dmp

Filesize
1.0MB

Download
memory/1728-8-0x0000000000830000-0x0000000000932000-memory.dmp

Filesize
1.0MB

Download
memory/1728-659-0x0000000000830000-0x0000000000932000-memory.dmp

Filesize
1.0MB

Download
memory/1728-662-0x0000000000830000-0x0000000000932000-memory.dmp

Filesize
1.0MB

Download