36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d

Analysis

max time kernel
257s
max time network
307s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
Size

536KB
MD5

44a7ad29f1dc1ae986cdb24f24231364
SHA1

a7f9b706a66d4da34f0ee4a7eda5dc94e488899f
SHA256

36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d
SHA512

8db47b15f6b775ecf03e43abc68df34bd31ba484ff1b2ea5913f0918db7d2cde7b7a6f81ab9486dc434f02e602878051566067769b6a50357e54c20416bf9e05
SSDEEP

12288:1hf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:1dQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2772-0-0x0000000000C40000-0x0000000000D42000-memory.dmp	upx
behavioral1/memory/2772-8-0x0000000000C40000-0x0000000000D42000-memory.dmp	upx
behavioral1/memory/2772-200-0x0000000000C40000-0x0000000000D42000-memory.dmp	upx
behavioral1/memory/2772-327-0x0000000000C40000-0x0000000000D42000-memory.dmp	upx
behavioral1/memory/2772-486-0x0000000000C40000-0x0000000000D42000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2f7528	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
1256	Explorer.EXE
1256	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
Token: SeTcbPrivilege	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
Token: SeDebugPrivilege	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
Token: SeDebugPrivilege	1256	Explorer.EXE
Token: SeTcbPrivilege	1256	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1256	Explorer.EXE
1256	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1256	Explorer.EXE
1256	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 1256	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe	13
PID 2772 wrote to memory of 1256	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe	13
PID 2772 wrote to memory of 1256	2772	36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1256
- C:\Users\Admin\AppData\Local\Temp\36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe
  "C:\Users\Admin\AppData\Local\Temp\36cffef8781b79299b831836182502b49103852d31ad90ef59d74d131393629d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0a7c7f4984c07d8f733555f3891ba8f

SHA1
a330444a57f66cf1b1f86cd7fe6fecdd6fb5905b

SHA256
c733fc4fa557e7e5342c43e4addacd7e515fec4da9b560d397b2c4397e025caa

SHA512
aecd7696f2249edac54a7fdc9d7060f948ce5879c86386372f8ddcd8c1f8c55b0bc4920af073c7acc524904ea04b9b935c3c0ae74e428a073ba8398a441c5823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f42d151bb76e95f3d264a862a50dc2e

SHA1
5633a0ba01aa7b35217b313fa9cdfb65b6cb0a37

SHA256
80fedf541ff4465721cdf796db67f0036043ca6c541b5ef3ea2b0ef68a792084

SHA512
4ea1d0d85aec6902e552484ce01f88110210e5e56f0172fd42bf13d04427aed472f1bdfdc20d3e27649f240e2eb30bc04f7445f9cdf534bb36b34b1ea9fa2c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93ae6d9837410f4c670ccdd0a873e7d8

SHA1
7c8d159d89c48ffcd86dc3cd918849e18f12ab62

SHA256
5b4e1f41d28500d6df66829f70c9255df86e7ac42074e52686d3a9d6e7603f0d

SHA512
1d8a54d96e66015e82951a028dce36d5cb847707ee010bfd719098f1ad53e7af56b684a0e800e52c8773463efa4c816b8521daa4da826fad270625f59e56faf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e04e3f0920e34832b47d7d01d2af4dc

SHA1
ca5ddb21c0d46479839a4bca87b30e7ba2b03af3

SHA256
76970bd504728026abb0fee5d517074f2cdbd22be44b94cf16510af1dbb9126b

SHA512
472c3b9b10c3006891b44ec4c80ced7a48f06d19c67c2531e7cf11c83e4d2d44d2fcdb227c34d5a142605a506c264dcf38f1ff874e7efd8a0116089a69745518

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
846a16354d1a7deae862f16d428e6643

SHA1
3f1b9f0a1fcf8228e059af960156cd50e0544faa

SHA256
7850193c7fb2d493815da26f994d470f2e69d0c3f233a4ae45841292bd5447db

SHA512
8da060f0e246adc603131b4b69c9a71d4e2d27e8a97278546e8679552e1e79001e7c06e63ccfe876a537f31766285d2728114c94a448481ffcf516c7589da615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76d5c4d5dc16a11786c440761c7e41c1

SHA1
d0f78b2d10a3918fbafa834e32e96eedb487fc7b

SHA256
48575ad74c608caab4977bfd81aa377ca13868dc1799cee0280011dee851bdd1

SHA512
756bb3686abe1f588779d89ad8673a065ed0ef52a05209241791e89ce67277dad29422156de5f661886108daea56a610c64e5c7cd9d3a5e4f8b6a37a4af01a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcbe0672b8901365f9f9adfdaad2eea5

SHA1
b3aea7ac96560aa99797e3f5c7d6d269b480d6ba

SHA256
c39c0a7cedd62fbe9e2b64bd256ccf2dfc5c6494887464ac5b08a63e50a40bd7

SHA512
c1c2f20b9fccb4eab1075bc9522091abd2e5eb60d6189edaf1911e7843db881aee62e228a917f9eb067c40c3b5547eb0aef7d6ea82887d83989c1375f725e527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc3f1fdbd740204d8c43e92e1d5a2e39

SHA1
ed8ee6344c18437b2a1815471ea623f733894aee

SHA256
16edf654814caf56720a9c5c4ea82569cc1f9f012459aaa442ae6a2b882af75f

SHA512
b7da5fe2d7523c528a0f4c743babfec3ad43840b1029edcc0a05a5f8399cdd7d5310a7eee2c9214b06c1dfd6b4b68e8d676b844637807a7a75a29920b356c1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF53A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF56B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1256-117-0x0000000002C30000-0x0000000002CA9000-memory.dmp

Filesize
484KB

Download
memory/1256-7-0x0000000002BB0000-0x0000000002BB3000-memory.dmp

Filesize
12KB

Download
memory/1256-6-0x0000000002C30000-0x0000000002CA9000-memory.dmp

Filesize
484KB

Download
memory/1256-4-0x0000000002BB0000-0x0000000002BB3000-memory.dmp

Filesize
12KB

Download
memory/1256-3-0x0000000002BB0000-0x0000000002BB3000-memory.dmp

Filesize
12KB

Download
memory/2772-8-0x0000000000C40000-0x0000000000D42000-memory.dmp

Filesize
1.0MB

Download
memory/2772-486-0x0000000000C40000-0x0000000000D42000-memory.dmp

Filesize
1.0MB

Download
memory/2772-327-0x0000000000C40000-0x0000000000D42000-memory.dmp

Filesize
1.0MB

Download
memory/2772-200-0x0000000000C40000-0x0000000000D42000-memory.dmp

Filesize
1.0MB

Download
memory/2772-0-0x0000000000C40000-0x0000000000D42000-memory.dmp

Filesize
1.0MB

Download