a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe

Analysis

max time kernel
19s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
Size

536KB
MD5

76c560a272f628e702a6797e5e41e129
SHA1

5fea12847fdcfd24a485408f8446ba228c786076
SHA256

a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe
SHA512

bda59001ec3e8c0f313a7f006ef57c7585beef5cf1efa6b49449f295c745835a3bffe9d8b4b3095b64f1570bcf776e906264e46d824a1c6f557b526cc8944af0
SSDEEP

12288:Lhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:LdQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx
behavioral1/memory/2376-7-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx
behavioral1/memory/2376-136-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx
behavioral1/memory/2376-276-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx
behavioral1/memory/2376-716-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx
behavioral1/memory/2376-743-0x00000000011C0000-0x00000000012C2000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\28ad90	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
1360	Explorer.EXE
1360	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
Token: SeTcbPrivilege	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
Token: SeDebugPrivilege	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
Token: SeDebugPrivilege	1360	Explorer.EXE
Token: SeTcbPrivilege	1360	Explorer.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1360	Explorer.EXE
1360	Explorer.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1360	Explorer.EXE
1360	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 1360	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe	7
PID 2376 wrote to memory of 1360	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe	7
PID 2376 wrote to memory of 1360	2376	a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe	7

C:\Users\Admin\AppData\Local\Temp\a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe
"C:\Users\Admin\AppData\Local\Temp\a268005fc16a2af341ded5b30ac0425b1d3cf0ee60d97e5577acdf5427d91dfe.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2376

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
32KB

MD5
0e988dc1207cf12a80c5b416854de380

SHA1
1870e2d235abeccb80f1a048c2d841d4abd8b627

SHA256
b9fb3ece2191cf96ed586e82588602c974bb48ad0f871bd9fabe94dba3ed26ed

SHA512
625e1126854b303e66c8445a85e449bf73cde81fec76effcd842b26f0e62e9d3b8f38795a4edd578a2ceb7dd25bed7578e989665ee59c315789b3d0e14e95db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e3a01649e0c5ef6b6dbb73e6138dcc

SHA1
2bfa80ad70ccc544c1df57eb7bcfdadcfe4fcfc5

SHA256
9548f2da965ca538410782fb1553380ec9a40f6c274f98529fb795f4ae77056b

SHA512
96e7c848316f5236cfa12fd9d2886424779f247d08c42826cd568ab0c525b1999d853c33d27679dd6b6e1edfa0b6e2505846a0011ee91868d7aa8ccfd952ccba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2104ce7095744f546a2fe30441b95e1

SHA1
871a39d912436d0288f63346be18a12e86da2af8

SHA256
26a99719cda95368f8b5ff266f8daaef4b557e727ae415ed3c49ee3073b58ebc

SHA512
ae4dd983032294c3b9e45d2a8436021d4848c64bad8cb7e99337e38ac513a7cb1186c6a4ded86282a5a5b160a9ebb6446243a2ff46e42ab4ef83ee574519e541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8710ab15cfac8943ccce5710292441e5

SHA1
37da46b5b06e6fea4cc15b18c1dd3a5c64f9f33d

SHA256
e1edd3136669993fefe6fbfb874e2a468c75d85aa4cf28715d20b769927f7134

SHA512
aafa2327c4fc4011f8c5025555c40b81142a94d529dd8d590bb59d37a921da5451922baddf50b6659580490d89a0b9f73185c96f5444a7f2fa61760af0a8c978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9e47fddf0d6f114dc9a54b0100cfcfd

SHA1
514996eab08de2a9524e8d4ead27576a480b75f7

SHA256
3dfa5751a44927f3fac240fb94b51de62031e316e50e40a35e1fc04ea9869949

SHA512
b672be554f3d6a8c2eaf0928eb329619d3e41765e52e3678441d154dc62f1b6a32ba29a1c920254138e8e4e38f6036d597c281c4cce38775f8db93bb32f1cbc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccb564c53856a9a51b31c14595fd9b48

SHA1
b4cebafef31237a772ec69ff24f95b88deeb0625

SHA256
cd144a01c87774c370581372a0ad488a68c3e879d2a83aac344004286dfe7646

SHA512
ba046f12501d3aca8a802b4e3e02cef32d3796b083bf590d1815a8d401b6f3eadceac11e3fb6862b07822712dfdd0c86023034ca63b2c2b1b7d9854ea6453d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e9d1eb2f20d2aa2b0d51bb5569e020d

SHA1
e82c5605078b5becf1165e5029afcee3506bbf96

SHA256
fddc169da2c79654afd068ac3604bbdea1b94b569276ff660a703a3c5503ffd8

SHA512
0cb8d8b7d317aa6bb52e3d96c4bed711def337a37e3aea45a33dbe192dc3de15315a584d84cbb1d9f8aecb0203ac55fe66ce11408dc6c16e15d7cc30e8fa7ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2c58a9bc7e7746d7f6cc81271943578

SHA1
5e792bbb2a6dec00a6a27b358bf0041dd0fb850a

SHA256
e54a2b26a854b921bb848f7613186a4dbdf72fdef1c77bd96841beaefc16f776

SHA512
e90c145370c7b6bf952899c121beb84fde2b4b421954c37f91c03b98e57cb0154f531c6cd7311eed16f3233d797bc5415910591f4dfe9ace6e568ff7bc3f4bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ac1b5c137910c6ff043cfc8bc73e005

SHA1
7ecc46a0bd369870c599fa65cf30e84d40796e40

SHA256
c498b2b989e35e54eb0a40686ef1ae3242190af072be0fc642ab46551cba98a6

SHA512
f10d4c01948d8316d71794a7aa376f4f0176f8c6efd9ddf8e2ec5d9b8f94deb21db887ef4f53b79d8cc9b3ab2a069791b61f36de20f69357ccc520790e598e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
138e20683b9786c25aab1263fc7ca42a

SHA1
0b4883be88befe5c9eaff92e336eef8490f67809

SHA256
864ac646e91540bb1d2ae08473db9fdfb7f419d0168e2624bf723ced838ba3df

SHA512
3857c674efac1074b84bc46fad651b1a8d8e1cf4c467de9216ad8cf3e84ecc2f5b796db207305a79293efed043dbc43cb8844f6027d332e452865695f0843ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93f1be756d584c98ee6eba51ab74ef0a

SHA1
a7823e4618b10f01c4ebd45659248da2f2389c79

SHA256
74ecb77e4dcc2ce6927a6414f0005810b989f64e863b719ed97de069ee618d99

SHA512
0c8fc0569eb4f8bbe44317082ce37b440dbe672d2fdc6801669a7bad9cf00b1cd772d6c007e3f0b2e936a251b6727ae89dfce2051c5e772f2f67b83712c1aa76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ab045e19721780e4637d272aebb7094

SHA1
3ee89c0879e2f7e259956369336ab9f2fdb60fff

SHA256
282715c5bdcfbb5317b07148d0bac0dcf3d60c7465f825e7e229fcdf12a36f6b

SHA512
c578469bf9b49c822b374db47daab935c7d129ff881f232b1375e5f28da14799743705e76bb381acc6e19423f1cce9b10e344f0eba627047ab1106e15d9ab777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3eb6c58fde31a525918e0701aa81a71

SHA1
33912d59f4bfdd15ea8a126c75d7e995875df386

SHA256
eba5e8274f747c341462f9316660643916bc2308a7ccfa4b9d61e6c78be8464d

SHA512
5b1a7439806491de5442dacbb2b1c1eb60b02c520879be484ac0a8b0ce88a9ef843b0590f9c44e876ce3ac9fe45f847884e41743576e9705c9af286a69b887f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e781b9aa295e8b44b349ed94d37d0cc5

SHA1
651d9d1b5fbdc5a6725ee3a5c5ad543d81a34f1a

SHA256
f9e419031f062eb7220382974ca4ca253d5b583a024b8349a977383e1301d7e5

SHA512
4f54adb10ceb4686791ffcb134173b9247e73f81ff9958a868d40790c01a5cf981a220216911240ef80dadd5387d2cc5207874c5ebd752ca16475cdf25b33737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5835b55849512a08019cf44194025d25

SHA1
d057f1bb608d9f440e1ae01164d64d3858904a18

SHA256
927a2733aa9199836b4ddc506e8f20f6dba3e37a5131a1fafdd9fc4eaf731a87

SHA512
da3fe1d1472283bfb17d734ac9bd225e7f2e3435653cbeee797586e2dd066ca97a431e47692fa1227e161c4261e5957c391db368bb15089505c2bdc75ed70d40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4ed5a21a42bcd04981362d50d995ca41

SHA1
1229392ce77c1ab652001a787688dc9d7460501b

SHA256
c5964c358ca1cf42670e2223050b6526de244e6f93d5219e5f651f567e24686c

SHA512
27b7a5f1144507df85b7cf922c5fc5e537cc6a6bcd06e9fb6f141a234ebbb165a249c3310e567c82eca23a3fc9b38af71135023f179c9f9d775e91fcdd788d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar590D.tmp

Filesize
26KB

MD5
0c5429c82e1e07925953ee5b74f41c66

SHA1
946aaffb143dde6fef622fe3650a6c852c85861a

SHA256
c9ea2524717e4bfeab4b38bdac1ddd7ed0ad27c99430443e3d3b16ffd590680b

SHA512
94c1a143b051adcbb5bb11ac7954a3d0d0a38f4022304b7b276d7a138c2ae5d2a3a5675cd219bc71f3e9700de43c63ad21c5dc6352135aa8a83c7dbf7e4f4f21

Download Submit
memory/1360-5-0x0000000002E60000-0x0000000002E63000-memory.dmp

Filesize
12KB

Download
memory/1360-3-0x0000000002E60000-0x0000000002E63000-memory.dmp

Filesize
12KB

Download
memory/1360-4-0x0000000003D60000-0x0000000003DD9000-memory.dmp

Filesize
484KB

Download
memory/1360-45-0x0000000003D60000-0x0000000003DD9000-memory.dmp

Filesize
484KB

Download
memory/2376-0-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download
memory/2376-7-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download
memory/2376-276-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download
memory/2376-136-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download
memory/2376-716-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download
memory/2376-743-0x00000000011C0000-0x00000000012C2000-memory.dmp

Filesize
1.0MB

Download