445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
Size

536KB
MD5

4b48064dfad2e090e9c4d44bd6c85938
SHA1

2f995dcc101ca2ec5079a721ba5aa77cf367abc0
SHA256

445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5
SHA512

aafd468ccd49ac816795c0a55572c09aa1ac612f06e245a17126f52bbb20fec546863a266c1fb49077fbf975ace225bb1c8e6ee32fe604185d972da367bc1b3e
SSDEEP

12288:ohf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:odQyDL9xp/BGA1RkmOkx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx
behavioral1/memory/2104-41-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx
behavioral1/memory/2104-298-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx
behavioral1/memory/2104-688-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx
behavioral1/memory/2104-746-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx
behavioral1/memory/2104-757-0x0000000000E60000-0x0000000000F62000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\240570	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
1232	Explorer.EXE
1232	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
Token: SeTcbPrivilege	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
Token: SeDebugPrivilege	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
Token: SeDebugPrivilege	1232	Explorer.EXE
Token: SeTcbPrivilege	1232	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1232	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe	26
PID 2104 wrote to memory of 1232	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe	26
PID 2104 wrote to memory of 1232	2104	445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe	26

C:\Users\Admin\AppData\Local\Temp\445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe
"C:\Users\Admin\AppData\Local\Temp\445d0e1307ca1a6b6b31ae601b5a4de8ad3ef7e3856eb73b7b59c97da81251c5.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2104

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c128c1233f14efb23eff7abdce02139

SHA1
04de52405610b3f4db929efa2e9158e7d330c0df

SHA256
43f68533f2d8db4d3bf33b88ce035eacc77d77b2901d0d1d792fb3e3bd9885fc

SHA512
e4d5ec7ef28e5b6950d3de6f9e8f587ee5962acd6c78fd5c02c0dbb989f70828f8de7b589a2ef37b9dcedba05858229597cfb055eb5e936476b570c81e9e7bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e320bf981dd2907d3845df2bf30ab220

SHA1
3c2289c1927f3d27105aa9af5bfc4c47d8b6e2bc

SHA256
dbedb48beb984326ab066be9bf47d4520f263007fa848c35aa7d8b4cc0e3e101

SHA512
6931605895ed5b67218e1f56747102df638fc14ca6fb23e6bdebaf777e58309fb021bf8a09d4d69ea2658474b2da4366c858c27ce64d2bf5c05f7184f0c04c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3543b963e6992aa59bd0a2a7572647af

SHA1
0fe821c3e59f72f1383f7211f6deecb35a83ab92

SHA256
85f663f932d25aa2bcf1e4e1619872545554f8905224344d874d8efd3561bd0e

SHA512
4be58c2bfd3098452b335063b972954f06a495c574d1e847cc0cce815505af2a499fc9a53750b66653aea101751f625d10f268f720fe70d80388cac6beacac6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c71ad3856af3d1ff93319fcad50d2be

SHA1
c708da50d399db6955541b4790f1d08ed10c4365

SHA256
58a88b9182ee0ef2ab339908f25f5a3e5bd9a6a4006b910b91a09b3deecee5e8

SHA512
ec7cce1ff6f6f98436e8622177d69c5d4fe876896d336b94f640721d1f03018886cf27c4dc2b4ecbc2dd2bed920780a3775c80fb7f90a85df99b13d9c3db8d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ddf156f671823e072441af1d8a6ada7

SHA1
a211de78e0af8f200482ddc89c636c1f2a776af1

SHA256
1471f943b7ac7a6fbbe3c7189b8018086540210ec1b1153e8ffdefba7a6919cf

SHA512
915406241e7b79df3a370d3eb6bd4823d294c7ccd0c1cc8ef135706fe85ae4e76b39d00b9fd3acdb82d62642f20ff92f0638bbebf67da7453a5422d97241d776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
735e7e04e90b787e70896d874fcb9fb3

SHA1
d4fac298ae0d7d3ea1b444f67638169f81d4b053

SHA256
5be9c1b18e85f34733ea1f740747b9eacacb9cf2aa4a1db1e08c1f1929e2b736

SHA512
0f1bc8fe32bc6c299bc4cbde13af1fce11cb8ddcad0f62b1b9132e530094e6e2d1965683a83fe58a5d44ef01d9519d851cfd6ab7c157332e89bd4213c3e5a2be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03f515b4dee3a1eed1bd1f3dfea37a6a

SHA1
095a71ef979c2e029fe5904ae27e369cb138eb4f

SHA256
ffbb718eb763d04a928ee229ac013caa2a5656b604f30ecb1a56e39741d8e5ec

SHA512
1b1daff1958d4696a7861532e1df7bb0fe244b5051bf48d231578eaa7a11f8f65d8c53d13fc0d93d8e940de7395c716c09c721494dc6cef506f7f2a529a15413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0f1b9b52050c122f2d2c2b56c49f189

SHA1
f4db83013c6011962225415275d4a9acfd2bd66b

SHA256
3413c3aae381bcbd2704c36c7a5dead2d1df0b2794510f52c8559ebc50e8b950

SHA512
dd5f6eef4a8d1c97f223f6494bc453135bb66833553fc1ed48f5a99c32b2201597a6c0a78cfde3f33093ed0ba2c8e97957a120680fd9dfbe1590c9af68c0bdd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167b9bce33ffba751c9d2a6ef7ba173d

SHA1
2aece6bb874d3cd33f2ae3de87a6bf24ce6ca961

SHA256
44686b931e80d966b7fe44b078fb04288eef7141707ad23a2f4c3539b84c9186

SHA512
82512d72ba827393e7154bfaba5e2e45f1bed233b0fcf32264aaf0530e83167433f1563dcf97f5bdc815c615fc986a16025a5a8aacd1f209038e1474fea62607

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab51F9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar522B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1232-79-0x00000000039F0000-0x0000000003A69000-memory.dmp

Filesize
484KB

Download
memory/1232-4-0x00000000039F0000-0x0000000003A69000-memory.dmp

Filesize
484KB

Download
memory/1232-5-0x00000000029B0000-0x00000000029B3000-memory.dmp

Filesize
12KB

Download
memory/1232-3-0x00000000029B0000-0x00000000029B3000-memory.dmp

Filesize
12KB

Download
memory/2104-298-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download
memory/2104-41-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download
memory/2104-0-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download
memory/2104-688-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download
memory/2104-746-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download
memory/2104-757-0x0000000000E60000-0x0000000000F62000-memory.dmp

Filesize
1.0MB

Download