fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee

Analysis

max time kernel
163s
max time network
180s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
Size

536KB
MD5

9973dcb0c6df2e02e2e8b6d2f44eccf5
SHA1

93c831b3e4ac9d3cc75041fe9fa14b3da48ed264
SHA256

fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee
SHA512

6ed4984bb96024f10c82ee6dffb94f6c2532362d3f431dbf6de4c098f89bef774f9bbe3540970868c2b1d9b0510663b263b93a2feec4ffc6f4d621aa9084fda1
SSDEEP

12288:Khf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:KdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2736-0-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx
behavioral1/memory/2736-7-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx
behavioral1/memory/2736-149-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx
behavioral1/memory/2736-630-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx
behavioral1/memory/2736-648-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx
behavioral1/memory/2736-662-0x0000000000B20000-0x0000000000C22000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2ed760	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
1248	Explorer.EXE
1248	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
Token: SeTcbPrivilege	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
Token: SeDebugPrivilege	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
Token: SeDebugPrivilege	1248	Explorer.EXE
Token: SeTcbPrivilege	1248	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1248	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe	10
PID 2736 wrote to memory of 1248	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe	10
PID 2736 wrote to memory of 1248	2736	fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1248
- C:\Users\Admin\AppData\Local\Temp\fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe
  "C:\Users\Admin\AppData\Local\Temp\fa79da1b6a43cbbe526997e192f71f00c4b19a59ad1f919526c1864d75219cee.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34d728e6ece2e288413d21569d11eb15

SHA1
af97821edbcf51d3da2c3e3b2ff5a4a0994e9145

SHA256
76088684099ce144c8934902c306a356e795a106b26776c271d7f5bc15260ab4

SHA512
51824a79bafb6b5e4e66af59ac54c76f98389c56cae85f25d8c6de53ed2490b1897a4ea8b968712e4c8c189bc86bd6e832abb245ca83b9abd22da34c422d1cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62d90f649f7e56d3c1aa504a5adef051

SHA1
6640b26bbeccbb99c670e425f673b316c94cdb69

SHA256
0bd1a5b9a2680ffeb54e55bb92bb26194ee45600297323629d7e6a068332d3d4

SHA512
cf798d763558713d1e931fceeb2f23756caf8ce855fc8d5a0292edbfd84ab8f9f6d127bd272a53c6cc154acc9cdc01d19402e4779dccad7ac943e921ab91ef5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea5e288341ea25fa2f4f4301d658988b

SHA1
90479c2d1c20a735c77cac60fab0ec4a63b1096f

SHA256
f7b4f92cf1d3f701e55c4ffd926814aa7aad06afef00549d6c72c73759541a0f

SHA512
23c3dc1da3a9699bacc3c033a5b85a76ed79a49983e8832b301b070a0a502431ef983c4ada6a525b729fcf942b59aeae0a96d1c634e2c351a917ca68e737e231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
975ac6f2f68920b3c21a66309d646683

SHA1
65fc52cbb4898dbb250b73856edf6834a54d2b1e

SHA256
530f9bb48dfbb46c2bafb400688461e958467b21ef73b7e017993403683378d9

SHA512
298ec9743d97399ba8e9388c451dc95fd1de814a493c80df33258e6b01d7a3e764f1b258713d6d9d17e722981ce486de2e7c44db0346a309c87f83f6ee690379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc43ef9c863cd59e9b5165faa8fb3bf8

SHA1
3c7ad6cccf573efaebb52a244c76fe1b9d0d64c9

SHA256
8ecca2ab888de801939ac72dd625b3ce4d4e63fbd943d834d9b2396eb08962b9

SHA512
0ce3c04daf72cf2b453ca90eb4988bd0a10591bfb21ecebec297daf9ae255f0340647298edb41a6c76fcd10f8e7f5542c9c24a6347c298cd907cd0a3e1669e98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9df9b3b41f3e6a0608f1c0c27977a500

SHA1
86945a1b8c971dd83d11dd4717dc224c8995198f

SHA256
edecc65ec4db328729ca758d5932f90f48d1a481bee9ef99d91f587e9caaf2aa

SHA512
447771bcd06bf1b975de3f5479b97543cac70ab0a33b6f972bda7e438704770914576f8b0273e747ac382e92702f2e89f5d49586a7135554e862ec84c72e6c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ffb8c22f505779be33b8661d33d34e1

SHA1
35fbf9a7e51c5c632027ab62aab11b665fe50098

SHA256
04bd0f27231bf94ead0baa8fb50720d8e693f4c4857ec75d9353bc7b6a82d17d

SHA512
c5e24d1ac8b28f1f9416365b2d5de68f02ac4fddcbc41b5a7c9387ac4d605779b2daaa5092aac99ad3358d7e49e1b070fe496bf7a21b60208e221774fd34c114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8de7671fb6f96360b7727f04a6326492

SHA1
3ce58e348b40bb33cca0148c8d256f64400340b9

SHA256
1dbd8096d7c286e2e945739c9375b6a32dafe1a73582b0ab3a552b7e2a70239f

SHA512
9c48c2cd3dd756058240862aa6e9b4d50012ff034af21954c49c5c771a65d8a979a1b3602d4a6f3f50841b963dd3eda17f9199ada8d34bada1b8993d6d4dc4fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d81d7c6033f81c245293b92c7bc39fe

SHA1
da7a94e6e3591f5adea72d0d5c5bf35dd92a61fc

SHA256
4a2fe6e3d1513dc64ce07efee9674b6eba3c8faeecab7db525c8247f4740d16f

SHA512
f0ab3b5d12bc87035587f13fb8e47116dc907669e5ba91b6b6a29875e0982b800e9fd893bb712c055fe4c8c9155d0fb2169c3665d00b25f9992868312d725c5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c28df81a5655263f5c56403c2c5ef4e5

SHA1
0154c9497e6876d2533420b864b8d2bb842ecfb8

SHA256
c6dc082e7db32096e6f8e94e5cea18a4f77f80a4679030c71725a12f2c1bec70

SHA512
2a761d7288fd1c77538cd29bfbaa57ad384252dfff626d9a6b5f67dfa60d85961b143212ba3de349004df3fa838397bad3891a8e1d2a44982ff4660c11f21308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b779299b1acb0bb4838d4c5ee08a63c

SHA1
ebc21e9790109cbabb7f02d30ca9163396ec368d

SHA256
8ab3df8147310bb3ff90eb97aca083addacaea25872aa0fdf206b13075becda3

SHA512
09705837fc8bf5fa370269b8ea3d46533e258e503b4a77b5506fe4f41ed84eefb735c6712350a8875d3b56d66889f3690c8e1e199cc98b5c47178f4ebc6e627e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEDDA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEDED.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1248-3-0x0000000002B00000-0x0000000002B03000-memory.dmp

Filesize
12KB

Download
memory/1248-5-0x0000000003920000-0x0000000003999000-memory.dmp

Filesize
484KB

Download
memory/1248-4-0x0000000002B00000-0x0000000002B03000-memory.dmp

Filesize
12KB

Download
memory/1248-43-0x0000000003920000-0x0000000003999000-memory.dmp

Filesize
484KB

Download
memory/2736-0-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download
memory/2736-149-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download
memory/2736-7-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download
memory/2736-630-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download
memory/2736-648-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download
memory/2736-662-0x0000000000B20000-0x0000000000C22000-memory.dmp

Filesize
1.0MB

Download