67d6e28632a3e1458a2e29a097069677d94e4906170af5b36601636d3248ca4a

General

Target

Anarchy Panel 4.7.exe
Size

63.9MB
MD5

5b3fbe8f2623164ee2c508402023b8ca
SHA1

be1527e0f2a9123adabf93ee61f9d0a3f79d5ce1
SHA256

67d6e28632a3e1458a2e29a097069677d94e4906170af5b36601636d3248ca4a
SHA512

98901fecfbd682ac552e0c9e3094585aaa94b45a2bb4d3dd6c8571b71245c8b2b354c6a0ccd4f6407d415d8e18546ff9d1be9384741c1e62afcdcb5bd268f962
SSDEEP

1572864:58IPbXOqMKI85pjN6fs8Ne/MHsRMAhsdNPPLg0Lm:zXOqn5pjuNNefRMAhC1a

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

crack.execrack.exe

pid process

1908 crack.exe
1156 crack.exe
Loads dropped DLL 9 IoCs

Processes:

Anarchy Panel 4.7.execrack.execrack.exe

pid process

1308 Anarchy Panel 4.7.exe
1908 crack.exe
1156 crack.exe
1156 crack.exe
1156 crack.exe
1156 crack.exe
1156 crack.exe
1156 crack.exe
1156 crack.exe

pid	process
1908	crack.exe
1156	crack.exe

pid	process
1308	Anarchy Panel 4.7.exe
1908	crack.exe
1156	crack.exe
1156	crack.exe
1156	crack.exe
1156	crack.exe
1156	crack.exe
1156	crack.exe
1156	crack.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI19082\python312.dll	upx
behavioral1/memory/1156-153-0x000007FEF58B0000-0x000007FEF5F88000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Anarchy Panel 4.7.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	Anarchy Panel 4.7.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Anarchy Panel 4.7.exe

pid process

1308 Anarchy Panel 4.7.exe
1308 Anarchy Panel 4.7.exe

pid	process
1308	Anarchy Panel 4.7.exe
1308	Anarchy Panel 4.7.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Anarchy Panel 4.7.execrack.exe

description	pid	process	target process
PID 1308 wrote to memory of 1908	1308	Anarchy Panel 4.7.exe	crack.exe
PID 1308 wrote to memory of 1908	1308	Anarchy Panel 4.7.exe	crack.exe
PID 1308 wrote to memory of 1908	1308	Anarchy Panel 4.7.exe	crack.exe
PID 1308 wrote to memory of 1908	1308	Anarchy Panel 4.7.exe	crack.exe
PID 1908 wrote to memory of 1156	1908	crack.exe	crack.exe
PID 1908 wrote to memory of 1156	1908	crack.exe	crack.exe
PID 1908 wrote to memory of 1156	1908	crack.exe	crack.exe

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308

C:\Users\Admin\AppData\Local\Temp\crack.exe
"C:\Users\Admin\AppData\Local\Temp\crack.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1908

C:\Users\Admin\AppData\Local\Temp\crack.exe
"C:\Users\Admin\AppData\Local\Temp\crack.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1156

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
c3408e38a69dc84d104ce34abf2dfe5b

SHA1
8c01bd146cfd7895769e3862822edb838219edab

SHA256
0bf0f70bd2b599ed0d6c137ce48cf4c419d15ee171f5faeac164e3b853818453

SHA512
aa47871bc6ebf02de3fe1e1a4001870525875b4f9d4571561933ba90756c17107ddf4d00fa70a42e0ae9054c8a2a76d11f44b683d92ffd773cab6cdc388e9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
a55abf3646704420e48c8e29ccde5f7c

SHA1
c2ac5452adbc8d565ad2bc9ec0724a08b449c2d8

SHA256
c2f296dd8372681c37541b0ca8161b4621037d5318b7b8c5346cf7b8a6e22c3e

SHA512
c8eb3ec20821ae4403d48bb5dbf2237428016f23744f7982993a844c53ae89d06f86e03ab801e5aee441a83a82a7c591c0de6a7d586ea1f8c20a2426fced86f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\python312.dll
Filesize
1.8MB

MD5
2f1072ddd9a88629205e7434ed055b3e

SHA1
20da3188dabe3d5fa33b46bfe671e713e6fa3056

SHA256
d086257a6b36047f35202266c8eb8c1225163bd96b064d31b80f0dbe13da2acf

SHA512
d8dddc30733811ed9a9c4ae83ac8f3fc4d8ba3fa8051d95242fbd432fd5bf24122373ac5eea9fec78f0daf7c1133365f519a13cf3f105636da74820a00a25e9b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
1f72ba20e6771fe77dd27a3007801d37

SHA1
db0eb1b03f742ca62eeebca6b839fdb51f98a14f

SHA256
0ae3ee32f44aaed5389cc36d337d57d0203224fc6808c8a331a12ec4955bb2f4

SHA512
13e802aef851b59e609bf1dbd3738273ef6021c663c33b61e353b489e7ba2e3d3e61838e6c316fbf8a325fce5d580223cf6a9e61e36cdca90f138cfd7200bb27

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
75ef38b27be5fa07dc07ca44792edcc3

SHA1
7392603b8c75a57857e5b5773f2079cb9da90ee9

SHA256
659f3321f272166f0b079775df0abdaf1bc482d1bcc66f42cae08fde446eb81a

SHA512
78b485583269b3721a89d4630d746a1d9d0488e73f58081c7bdc21948abf830263e6c77d9f31a8ad84ecb5ff02b0922cb39f3824ccd0e0ed026a5e343a8427bc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
e8af200a0127e12445eb8004a969fc1d

SHA1
a770fe20e42e2bef641c0591c0e763c1c8ba404d

SHA256
64d1ca4ead666023681929d86db26cfd3c70d4b2e521135205a84001d25187db

SHA512
a49b1ce5faf98af719e3a02cd1ff2a7ced1afc4fbf7483beab3f65487d79acc604a0db7c6ee21e45366e93f03fb109126ef00716624c159f1c35e4c100853eaf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\ucrtbase.dll
Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
\Users\Admin\AppData\Local\Temp\crack.exe
Filesize
8.1MB

MD5
d87b402b821fa842d89283aa8654d9c0

SHA1
30c086651e1bcd191163c01efbab55f51ec04691

SHA256
791a66abbd58ac34dc72565455fb6e596bb14b93aa5b0109e0d53c60b87b5678

SHA512
37ff5b178e10c2a64ca5cd3c11b2dd8ac153de7b62f363f2a0b608590befa07bc4e8f35a2ab7e57fb2b9ec06e2a91dfad99ce024cc787a777b410f5e0ad81de8

Download Submit
memory/1156-153-0x000007FEF58B0000-0x000007FEF5F88000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads