023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 14:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
Size

536KB
MD5

8d4a34b8012c8914256797186a0bdcd7
SHA1

126288b987a1b7fcc41925bf8a1c49bc374deabd
SHA256

023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852
SHA512

eeee4534c6d97b2eb3861a62d877aafb5cfbf42cba82347bbad658570f4a9243c80184510672a4a9de1f1bbb8b029cbe9a123c58ed15e14c18c8f1da6a6c5510
SSDEEP

12288:8hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:8dQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-0-0x0000000001090000-0x0000000001192000-memory.dmp	upx
behavioral1/memory/2476-7-0x0000000001090000-0x0000000001192000-memory.dmp	upx
behavioral1/memory/2476-154-0x0000000001090000-0x0000000001192000-memory.dmp	upx
behavioral1/memory/2476-465-0x0000000001090000-0x0000000001192000-memory.dmp	upx
behavioral1/memory/2476-519-0x0000000001090000-0x0000000001192000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	223.5.5.5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2a63d8	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
1204	Explorer.EXE
1204	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
Token: SeTcbPrivilege	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
Token: SeDebugPrivilege	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
Token: SeDebugPrivilege	1204	Explorer.EXE
Token: SeTcbPrivilege	1204	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1204	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe	16
PID 2476 wrote to memory of 1204	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe	16
PID 2476 wrote to memory of 1204	2476	023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1204
- C:\Users\Admin\AppData\Local\Temp\023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe
  "C:\Users\Admin\AppData\Local\Temp\023894f29dcea35f94c19bd771b06da6e38a400362b4a481451146d082a5d852.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6071183d2ccf5f6a358c9e2b61a70a8

SHA1
c0b3d6f2dd069f7171db3eee8cff989fd44e153b

SHA256
2df1a20b11ef4cdae1920112a8dea7f07987af11878fa8ea15496b3d90d15423

SHA512
6a9059b5ec128b9803897b15111db25b6c151320ded7daf3f0f92d94796e37b3784db8e91a9e668864263e361f70e97d4abb60b1b24d53af055b3cdb2cd0f4e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be1cfc552414835426ed49d6f791a16c

SHA1
af7548c8255ffe09efc680d37c4bbf476d61fd39

SHA256
bff38bf647f21ef5fbd0607c196f6d29c8e463faa76b89094a2c4cf5b1c19e16

SHA512
47e06cba8d4c5cc4c95a07cc60bf1172116877d6d0d44dc71e118b237773013c50063155cbe27d16e619b49b2644d8ae89cd09dcc13de2842f192d4278d2a2f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae9ae122b5ded8b9c2bfb31e28604eb2

SHA1
e3d0243e263173e5a7bdbfeecdb95b224711f2c2

SHA256
af431f1adc6859b5fde7dfaf3898af74c65f60bad4f8f7af6ff236c81f23617a

SHA512
43e6ecd2be3f02cfcdd38e4c12f26277c85ac037a2f849b0583b9e80d4f880ab67067812172a5b97fbd0f47c75e7332fad0790ca3d9f282a3061a51274413c71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f1a81cc138d118d85ec7418604a4681

SHA1
939a6639cb5729d5ad08b1df5928f5820899eade

SHA256
6724f348a0b39c45b37e15f71118749594fff4608e77335565ad27157bc19200

SHA512
8078f74bcfedf0f98846316f76d100b0be3848b48f9cefaa607c3b7f88f0749bcc15812311969e37a6e50f33b268949b87548d9f9102611e866af1f04bd59cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad7dfe6921c4102ffc5274d14e924d53

SHA1
c9ab8a574e71e6b36afda6366cf03f93be576678

SHA256
bbc97a77b94d922cde5af68fbccd01ab775c1016b0b05b6e7b49f8e01032ff1d

SHA512
ca1890f9dc41ffb57e53250fccd095492415e4fe12a6604464ca0c64cd41569df3e0521f7f09647b9213cdd2b0e8e3f521e66fa6cb6d27ada912bb369be09434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c99dd8e1f30a996d681a6861cd5ece6f

SHA1
99e0c64e694bc64aaf4338c68ffa1a82659082f2

SHA256
9f936cc34f792a913a332269202d6eec9a60586e7dc5b7f6897f622e81a2e683

SHA512
3685d18185f3fdb3c4baa4c194c0fa008dbb64303ba7f8e39474b6045466863fb860a47e9b453455a8968c6b484c525061dddc0672451b0db5f95dc5d5ee39ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14ee47d1f012fea5ed4c89633d3bc726

SHA1
7c7726f53ce782230a5bf3fb3671c942819098e3

SHA256
c6a23e8d89e010d5f2a5b02c479a73dac374e388deecf7ab099d6dd073343516

SHA512
8933ac22822edd4f9e7ca0da6c74a828b2e58e0afa9fc29599684a5e853f24e0fa96b67c94d6bfed5f43b6816ccc0e56a5ab3c578eaa9a79d807761d2a4fc818

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA40E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA430.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1204-9-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1204-4-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1204-5-0x0000000002E90000-0x0000000002E93000-memory.dmp

Filesize
12KB

Download
memory/1204-6-0x0000000003F60000-0x0000000003FD9000-memory.dmp

Filesize
484KB

Download
memory/1204-3-0x0000000002E90000-0x0000000002E93000-memory.dmp

Filesize
12KB

Download
memory/2476-0-0x0000000001090000-0x0000000001192000-memory.dmp

Filesize
1.0MB

Download
memory/2476-154-0x0000000001090000-0x0000000001192000-memory.dmp

Filesize
1.0MB

Download
memory/2476-7-0x0000000001090000-0x0000000001192000-memory.dmp

Filesize
1.0MB

Download
memory/2476-465-0x0000000001090000-0x0000000001192000-memory.dmp

Filesize
1.0MB

Download
memory/2476-519-0x0000000001090000-0x0000000001192000-memory.dmp

Filesize
1.0MB

Download