06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
Size

536KB
MD5

6644fc85b945ff98c865f185e3e625f1
SHA1

8519f9499476a4c1ce1707c13c9c574da32291dd
SHA256

06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62
SHA512

878d16d2ca3983280d5ba7cc0b097ddef0ef131374e190c78b735ec380c3d6767ec38bb7cfe0fcc128d43c6e100c2bc77c9293a1df752b883c3b91cc099afee5
SSDEEP

12288:7hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:7dQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2760-0-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-41-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-346-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-497-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-558-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-703-0x0000000001250000-0x0000000001352000-memory.dmp	upx
behavioral1/memory/2760-717-0x0000000001250000-0x0000000001352000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2f4090	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
1208	Explorer.EXE
1208	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
Token: SeTcbPrivilege	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
Token: SeDebugPrivilege	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
Token: SeDebugPrivilege	1208	Explorer.EXE
Token: SeTcbPrivilege	1208	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1208	Explorer.EXE
1208	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1208	Explorer.EXE
1208	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 1208	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe	15
PID 2760 wrote to memory of 1208	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe	15
PID 2760 wrote to memory of 1208	2760	06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1208
- C:\Users\Admin\AppData\Local\Temp\06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe
  "C:\Users\Admin\AppData\Local\Temp\06074b510d324c11e0d94414ef88ce1314b5cb0f49871ab928747ac0d344fb62.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c7445d7bf6d940322a42ffcef5345cf

SHA1
53ba2ffe0e6dadfa125ac8ce50dad003c4dcdf2e

SHA256
760d7eeebc1b54a41cba08b529b9c408940a23c0057c3d26d507ed005d26fedd

SHA512
b387f7180e31276856d2e6fb71888107544e21d9565e2193e8357895b3fbf68df2c2bb76e5f0e6157ad094069f3abc7f3cab0c44b87f438dd3da3a9c3d028d1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5894c2eb514c5c3db8b725dd2144141a

SHA1
0155f7fcce70d1bf604afc179e3f92e88ca81e6d

SHA256
fb88c516fb6c019ee6c8ba8ebf5002920970025b7fba4fc002d06df22282e281

SHA512
2afd89eca662d562c994b55e13f556e84b2fe224a4281ef85ba54ab134de85e15b3350516484a74e4b3858115c964a7bcabfd33693a17304a4a312ceabbe2f7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a63ab72c4feded385eb80ab55f0dd142

SHA1
a94b9e30cd9474380b059ceb20f6d2a43cfffe47

SHA256
088b80994bb3034f15e7d92c15334b0a243422d8ca2b2066c3612bf547e7850a

SHA512
ec13bafb2a0ae802fb04fa703062e3dd8a264548260f17b6f9dba60300441a67f15100acdcdfc70cf79837f2db740b3338c3be8992e56c6855b0e94e8e3eee8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffa4ff583d8321d7075b4f14b8886dd1

SHA1
331b1d2518304a5a623a13d47868ee64f334eb02

SHA256
1ff6e56b84d8422dd59d3d0ecbc490848842eb2b866e9fb0f4992b3219ed4ecc

SHA512
14f898a43816e898f6f41fde196982b3069cc3b4c6b4c0d26f3b85073facda8425684cf87c5168d446d018c051bf1983387430d07b41d5e98c0fe2da63e99bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f48cc086ed95aa409e1ef1db91405187

SHA1
a61efec135537f9bb5a0599443a7e57b97d621f5

SHA256
16f0845d553cd03a93c6ed0987da1427c4134b3f888e2e13459db542cf8a9740

SHA512
e5fe8d83b31386dd5e2fab455e10edf99855d35acb79ab92c4c72ae9c2a88a0ab399707f5b84a942a9f2564ab1448dcc492a143c598af804938d6ae676c706c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ccb5da9b47d9208d5c019ca36f98f45

SHA1
dd77b8247cb7937e5a8e948a5ab7f2a197c42523

SHA256
36bfb70ba6bfdde2787c11209c11d1a0ef8f9ef12af181a474a6f49c726c3cdc

SHA512
fef14c79a166a6b686fe98ec42a867d115a7f833870e369bebc9900d3e8ff7c24889bfec60766c16919a5949e1e2db0f00648a4740e8a4095ac24f51468c4b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28c41b95adc442a019f90ade1f9ecfd8

SHA1
ae4da35d390d7201e7f26f21580e2b5a7f140842

SHA256
127b4863ae7cd81f36c461d7650b7e095e42be5e287206ef74b8fd752df2f44b

SHA512
5d63f25150d72f404284ddf319188bdd60d670c8d4c92332c94fcbd3aa46367cf1e69e7c145985eb1d41543aad3df976cd6a67db4e89457ea7a37fcc72d67407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71731e32c8421e959e4227adc891e999

SHA1
ea313346312deaf888923b2b8420547911b2444c

SHA256
79f3c87cf728f520065f7d363656d706726693bb04e9b9022bbe212ed9e0cfc8

SHA512
f12994099437f813b9216deb73253eb4517a092283f884f54ee00244ca4d0b6d2f3f2a9fe91a923430f1e6e288d67a4ecc2ca17c95b8251a2ccc2f2a60ec4e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8dee9bbfd50df1a78c344433e255ebe

SHA1
8daa823470d6002efa82f4cd3d5138f4139967b3

SHA256
51ab2b39718f6fca08bc9e56f201fcfd765517ab22b2847f066d1300511508fb

SHA512
6d67230382287626df46bc4fa9149b4f1cc31384d39368f78b8e9a42c642cbf49f9349bc6dc6b71b0f91edb6c7fdb8f4eae5ea94f3d1fea3e6b3c723f00eab4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c518738ad491caed01a55605e1ecf2a8

SHA1
e6e39e798623212f3dc6fd3a52656bbd48fed05d

SHA256
76ebb6b8feb8300f45c9ef2402a73bc9d69e522cefbee92cf5c4fe73db1fea3f

SHA512
f67b5d970e3043c26374b3496da0ca60c2199e55ba8fb4b93449df375efb34d01df5b47c42a644dab807ebba63b9daffdded5a0a01ebab8505c2d55d766b7102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24f29dbd23d8d36247d334133a8a8a9c

SHA1
87833fd3cc78867d3b23112216d4b94ffd5b650a

SHA256
9fbe582cbe8f5b8a119828668cd5a184b1d2f7bccaec3ad74c8d1e55a23ce285

SHA512
029d70843f7ebb60b000def1e8706164bc4b19a2ca246629166acdcbe44445532a97f4fda96912a6aa808fe727f03c5a586f0ead831204247cf62ab0b7dd638e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b36768bdb687bce7eda16ae7658e435d

SHA1
f2fce745ac27581288efaf1e73213904a306f216

SHA256
17f2bf486156c8c029ddf9abbdd04050e4b708e2d1eaecb999f3d4fa304d1544

SHA512
cf5023077e236d1f5ad00ccaac0a969fe88138980d743743d985a7c0235eeedb760daefb0bf0c4f9568ea77a8f72208309513b4e3182f8bb52c4a8c479465352

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
687e1a841275672c28c82c984cb3e4eb

SHA1
48bbb5bc0c7343f02a56db26252be3b4e1dfef7c

SHA256
3d53706bc2dda7e556219e22fc2cb9d7bed1660af47002d601c7b84542838ce4

SHA512
8041928efa31565a1443f7ec1b0aae240db7769499d0dc3c68d0040c35947d2e6ee5ac87cabeb166b11c6dd255ffd73f08a14e33b885675aadef2307c549d261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e358703f7639cd8990b0ca45eb211f4

SHA1
1e36fee97bdd990c980b742d96a27bdd666f4dad

SHA256
0f497b5c75861aa1802b3369632500e427ad3bdfde3a3c37319f7d5494f9c09d

SHA512
e6a74c9be76d6dbab9742559d91906045505f620de7da6cd7428259fa46aba3a59b3d1f1f8fc9f88531d8ccdacba8de5183fc1b1bb31ea40e8b264cd59899904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6C4C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6C6E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1208-115-0x0000000003EB0000-0x0000000003F29000-memory.dmp

Filesize
484KB

Download
memory/1208-5-0x0000000003EB0000-0x0000000003F29000-memory.dmp

Filesize
484KB

Download
memory/1208-4-0x0000000002B60000-0x0000000002B63000-memory.dmp

Filesize
12KB

Download
memory/1208-3-0x0000000002B60000-0x0000000002B63000-memory.dmp

Filesize
12KB

Download
memory/2760-346-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-558-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-497-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-0-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-41-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-703-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download
memory/2760-717-0x0000000001250000-0x0000000001352000-memory.dmp

Filesize
1.0MB

Download