17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
Size

536KB
MD5

a2be503adb0df940a3b34bf1ec3d7105
SHA1

9f9dfc52171bac00afa168ad693e0ff7e566ce66
SHA256

17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1
SHA512

a841187abd913a39712126713ab01c228c6f534a288425adfb4db4082a2d8d9f2d78ecf24e0330249ab6cb8b18548291a1fad6c573d55aefc7e7d1595e529fe3
SSDEEP

12288:ghf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:gdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx
behavioral1/memory/2268-18-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx
behavioral1/memory/2268-256-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx
behavioral1/memory/2268-468-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx
behavioral1/memory/2268-724-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx
behavioral1/memory/2268-738-0x0000000000E80000-0x0000000000F82000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\26d438	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
1304	Explorer.EXE
1304	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
Token: SeTcbPrivilege	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
Token: SeDebugPrivilege	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
Token: SeDebugPrivilege	1304	Explorer.EXE
Token: SeTcbPrivilege	1304	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1304	Explorer.EXE
1304	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1304	Explorer.EXE
1304	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1304	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe	7
PID 2268 wrote to memory of 1304	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe	7
PID 2268 wrote to memory of 1304	2268	17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe	7

C:\Users\Admin\AppData\Local\Temp\17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe
"C:\Users\Admin\AppData\Local\Temp\17366c6589ff276d6a3e7a941afa18fdb9249464d93641544fced280c6da9cd1.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2268

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0faca5938459e5a9512b1e6e9c0c084

SHA1
6e4294df717a677c43990a8f6ea438497e024bcc

SHA256
2d1f11321f17b45aa1edecd2dcab102677bcfc468f73bfd374faaf2cb7a22dea

SHA512
a7366c36d451af00bf8ebd2d42c47bad43c64db2920fa0bf307672c2fa4db839c4e126fb24cac33b0f28945417e1102b89f0543e70107cdb73ea5d5b415db3a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3c4276612d6409c509d2cf4fdaef2c6

SHA1
a56a3572d4e41a3f53c74c72d5f7c942538c2dc4

SHA256
7db69e59e5da00ddebe28c0689bddbc43eb2213648e3e025c9dc49ca6a5fb1f8

SHA512
7711081b553fa2789076364b157ee95e3b889136b8a9fef90ad450e3d43638468548203ad46f15a499d4fdf648dc43f53c19c2f3c7053db5b34bc9c6799fbc19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abff4f75410eb23e0742bda85b31bfb4

SHA1
d05726a97d6da24a14dd942210c9ac9432589366

SHA256
20dbf5c369555f0001310392b52436dd85b964eaa4e8306d63a3c3e2d31ffce5

SHA512
84624a1e98420391fbe79a522e8fb27ed0a5d8605a857c95036afb575864db21b509835f661cc1fa8e9d79184d55ca149590ff9e9581e5191b712dea2d22269f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2497fb3365387dea761eae6317730723

SHA1
62711c06c5026c6280b7bd1c68aba8a7351cc2c2

SHA256
88ad52e36c2ad5c3159ba251889389c55e9706747d0c1daa3cdce31edc5a5de5

SHA512
29ddad88571c9006f040110bbfae3a2d864cfda470208876aeade7d767e7c9c73d6d92e326e12d42514459c6984a19fe4a35c72243357249c7037275904322e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f60920a87c541968b5973ae61d98dcf1

SHA1
316e34a61def5d45674d5a7a6216cdceb9a01fe6

SHA256
d67281f434edd4e96a334e3ebfded78943b7918abdff4a4383ae46853c997b94

SHA512
5ed8cd882f5812a58935822699c22c8fa366d049cf46b86ce9ea59c8bd24a52a159ff8d88def091abc7130860c875b3e203824cd82c8665d363c8eb5c6047406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f464fb9dcf19a8ca99326504fe9b577

SHA1
c29af15358e62b9befe49c1ca13f8478cf15d267

SHA256
12b701c58e0ce355e7436aed5a18540c32d8a9dd813115b58fd429569249deb2

SHA512
f73b008060ef872278797e0a3b6ac0fc7d65c392ea062386d4352c5a64fa1ad2f488dba55cbeae62ac2ae698f7b8fcd551038513b3ddd33fa55c35db816fdae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
643a82d653d0777b65e853bee41385e3

SHA1
9d773af5ca2ac69054a6c66f81ab62ffbc413141

SHA256
29e44ea3b0c0e1da01487403bf0cb204ade0e47822bd0a496c2ac75b65c993ee

SHA512
665d7005f6679cc58b73b4094255c8092e32aeb90347e740a63dde7965045a58b777d010c61bf914682d070736b70193b6c964da5d934ef46a94c49c3d24de86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa89eba43aecbde0edd02ec3068ef6e8

SHA1
591a82226a94dafbce4a0ee172835ce55d9cd965

SHA256
c7a4e94aa1a585112934edf95775ccf9918bde3ee95c0c7521442f06b559c606

SHA512
c11870f66fe4119b4ed0f5131cc2543744740d65f41105ff26bdd14ba65534999ddf9e842df9c1cb67bb5fd4392e5014e7c854d6dfb3039fa6e236c882b58431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2920bf7d275e863564efa4e85fc04add

SHA1
c340e1b7821ae0d2f7bf2c69efcfa4eaece2146d

SHA256
d7dbd9e18d6456d5bee5f4597ac15eaace1156ee0937e6a3cd67dd1114e13024

SHA512
f3e1aef38d3113cb14afbc82188d234c418298fee42f2e16ce9cb4e51e3f57bcf488187a98051dc54679b13ac2a56952b091e193ed37ffbb38aa4b1fbeff6499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ddebde807bd3fbd12659ca3f3ce1ff90

SHA1
7744b5ca399b49c93d0f4889beebb3cb68420cef

SHA256
60bd98742ce7f871dcc58de2d1421adefedee606b9c606369620e0b83ea50b51

SHA512
16d13bd57a3355c1a6b210f3d58a825ca9a2d7b1a216f91df3d58d291d62c8701aca37f06a980f9d16e2f1a068dac56b648a501a8877eeb3841b64c3129f7f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A8F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1304-3-0x0000000002F30000-0x0000000002F33000-memory.dmp

Filesize
12KB

Download
memory/1304-7-0x0000000004330000-0x00000000043A9000-memory.dmp

Filesize
484KB

Download
memory/1304-4-0x0000000004330000-0x00000000043A9000-memory.dmp

Filesize
484KB

Download
memory/1304-46-0x0000000004330000-0x00000000043A9000-memory.dmp

Filesize
484KB

Download
memory/1304-6-0x0000000002F30000-0x0000000002F33000-memory.dmp

Filesize
12KB

Download
memory/2268-0-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-256-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-468-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-18-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-724-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download
memory/2268-738-0x0000000000E80000-0x0000000000F82000-memory.dmp

Filesize
1.0MB

Download