e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88

Analysis

max time kernel
43s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
Size

536KB
MD5

858273234057fe4e03c7bf35cc37b994
SHA1

f27ea92eb69554001fa545fa3b2ea4b2e095effe
SHA256

e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88
SHA512

c386a5bee16dec69e900b405b7692cbad7155331572985f353a60f96dda09c70a844cf6659f5be42215dfad4e74e94c4eeac21e7288e3a6a767bf930395cd8e0
SSDEEP

12288:ohf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:odQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-2-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-43-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-207-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-454-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-707-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-712-0x0000000000F40000-0x0000000001042000-memory.dmp	upx
behavioral1/memory/2352-723-0x0000000000F40000-0x0000000001042000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\284460	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
1352	Explorer.EXE
1352	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
Token: SeTcbPrivilege	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
Token: SeDebugPrivilege	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
Token: SeDebugPrivilege	1352	Explorer.EXE
Token: SeTcbPrivilege	1352	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1352	Explorer.EXE
1352	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1352	Explorer.EXE
1352	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1352	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe	11
PID 2352 wrote to memory of 1352	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe	11
PID 2352 wrote to memory of 1352	2352	e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe	11

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1352
- C:\Users\Admin\AppData\Local\Temp\e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe
  "C:\Users\Admin\AppData\Local\Temp\e83dbf7844977993475273a3c313004cc7a6f0b52245f81310dc9d42dbce6e88.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
146a37bfdb0594a3cd1b62532e310725

SHA1
33243ba677ab6c670258b538c57d52366e77a4cd

SHA256
39a1dd9078752a53f09019013fbb79fb6069ed851e3e8261847d1651e88e8033

SHA512
a73e8037a074e7f0298a086a4ae532e20d83c0b85b2ac99431355a9fec6196caad6f45fca89d25762cf42972ab3c3a0d1877fb0297acb7deaa46714b4132db85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9255b278d88696a2d09623a73a3d1a08

SHA1
1bd266b81f49869564c8d5481f1abff605df08be

SHA256
e1bba39d9e15e3de8054efb2ce3e842f3eb417a588f50c7ce12e41d44bca3650

SHA512
fb56ba282e41150ca57914c424bbc77ca79701ed88997681a0a276752fc422fa4d44617a0b59ed877bca1bfc22457c064d29fd92732489c3a8dd12bdbf12c19b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee1fca466b3e14f850c94069fe5e01d3

SHA1
ae4369492fe1718daa1f1cbde2f362d9e699689d

SHA256
3a2cb92456876526e2a80492d5667f089e99f76d1b58be7217d7dc086211bc7d

SHA512
0f45b87399264b19cd04428a4c74ea38f5f44a3012857dfb384f8b1d0cccc52f76b0e05fd103f830bd9e5d452e35e966b3c6502195babd21c5cd81ff2ff7afdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0de0c314cc6d0f84f73eb815127b9b5e

SHA1
9017dc2a954c80cc18acbde2bd236df944c347e6

SHA256
f0f49f2a1fa0253c5501652c59c3941cf2ce5b4f3f4354c0317f2de466db9551

SHA512
1322dee6bb555b8962b2db231e791dd395750004cf8ed7421ff42d8d5bfb8f5ca9835802ed15a5bab5a7c0c6468319cc0403b05fe2b0092e590dcbf98e11b787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
574a193c8515df6f56579e403f8d328a

SHA1
72a3938e7ad83524d3729ed675c330df155cedc1

SHA256
18b764397634b49637a4795848c772628673b09c3d3ba31cb552bcbf63c65cf6

SHA512
c5414dde55a11dcf091728422140c2b853021c3ea5253b29cf5f85d21e085b522d0d579bce713db3c51f09cf4dfb88b5d9069bb346462b72e181cdf17d145af7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6d4730aededcc247734c091286fab7b

SHA1
e13436f511a2e9c5afbfbb2fb1be920c0aae8bea

SHA256
3bb7940199c27ea4a5f4dc173054b0381ea09654c5895f5eec852ea2103dc97a

SHA512
6575e92f1ec9fd914cf7f6706c2353c6bf27e45287ee06ae84f8c1c21dc0451fbf171341422c1f545073a1eabb88cf9af8e14c86e1867a215c649c521f10605f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b3ed0177a8b67eacc0f00ddc326c93d

SHA1
a7b8ec50e70f318477f3ed4a8db889e0bb87e583

SHA256
b9d34b1ac87e354fde3877cb4876fc95471a263ab3b4ebff8d4e21ea1b1bd49a

SHA512
912377878d842e6f95f040efa76bbb909e5a51c7d26d42f74e89fc637f7101155180bbf54e2779f7b584ba7ae101f38bb90f01cefa8f28babd0479c6bef52b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6218e74e6e37c7cb68d2319bbfb3a2e2

SHA1
f733b01fbe5a8be48c907c199d252fd2819f4cfa

SHA256
872ad81e16bda6fe7af3fb09ef24fdfe14d2e27b985ce0ac5aa2801d26023abc

SHA512
219f102db091719083c195f40a33575ac9e0295fdee89658c9416aacb2f9b8247cc5ce50dd40d41554839ef2fa59e30cb3b19314decd08e8993217d7e9f51c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ffbbc532bc4ad5a9f037a33d24c9c0

SHA1
8c73f666e6d7295cffda60380e8a976a813e4b4d

SHA256
6808b666177df7922616869432a7254ea8438806ccb10bc10ff61014060d0bd8

SHA512
af78585e2d3e749ed223d1d6c830445ae71d0feef5c372b1044ac76dc4455925349fbb8e7b62f3abc4079315769176e288d4cd9fc95ffc140c7263883404254a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffd81c66be6760c77926755ebc2c2086

SHA1
539d47434701d8b0a687f45f6d044b5ac49e1a54

SHA256
0cf0e876ca35ba95f33f4aba799a3856bad2344fb987d4ee6b051f8cae6d6f9c

SHA512
4c6676f2bc0f242a4a8d4b71fbecc641250716baee211c8a8a4e5c23434d9dd4ff3f5d1ce90a1ed61aad0dbc160262a24fa6999a29238a29cd0fbb36317ccddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
445c2c357a27a1e1826f70499928fda3

SHA1
f3cfd8fdfacd0bf8d74051bfa5d9edbef8b7b95e

SHA256
d9f331fdf34d641e00ddb41e82b95dbb363bcbe56f32037649084bac6de1a739

SHA512
256ec65332c663607a29d8b52d36d3ce0e8e5d6bc9176428213222e3e4b3a63286d6603c2704bbe181d923ed9fd464730260c8c0389098b9dc2a257794593ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4577763e6b9a216b39803cd28dcfd89e

SHA1
d4369d3b9a73b350626113ac4589764292577d54

SHA256
8c7756a2fc96babb1964428c4f2dc4440d011722b8e054fbf04babd8e0814f7b

SHA512
29d495c5082fa5533c0d43816d5fd1eafe58d8b9e980f6438a448691c83c0307fb0da417fc7a0cbafa0c9adb4eb2411e818c2d8a081229aeecd43ae7472077be

Download Submit
memory/1352-5-0x0000000002B00000-0x0000000002B03000-memory.dmp

Filesize
12KB

Download
memory/1352-45-0x0000000004020000-0x0000000004099000-memory.dmp

Filesize
484KB

Download
memory/1352-6-0x0000000004020000-0x0000000004099000-memory.dmp

Filesize
484KB

Download
memory/1352-4-0x0000000004020000-0x0000000004099000-memory.dmp

Filesize
484KB

Download
memory/1352-3-0x0000000002B00000-0x0000000002B03000-memory.dmp

Filesize
12KB

Download
memory/2352-2-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-454-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-207-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-43-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-707-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-712-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download
memory/2352-723-0x0000000000F40000-0x0000000001042000-memory.dmp

Filesize
1.0MB

Download