Analysis
-
max time kernel
148s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
12/03/2024, 17:54
Behavioral task
behavioral1
Sample
Anarchy Panel.exe
Resource
win7-20240221-en
General
-
Target
Anarchy Panel.exe
-
Size
54.6MB
-
MD5
94bac1a0cc0dbac256f0d3b4c90648c2
-
SHA1
4abcb8a31881e88322f6a37cbb24a14a80c6eef2
-
SHA256
50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
-
SHA512
30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
-
SSDEEP
786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule behavioral2/memory/2608-1-0x0000000000BD0000-0x000000000426E000-memory.dmp family_zgrat_v1 -
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule behavioral2/memory/2608-1-0x0000000000BD0000-0x000000000426E000-memory.dmp net_reactor -
Loads dropped DLL 1 IoCs
pid Process 2608 Anarchy Panel.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2608 Anarchy Panel.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:81⤵PID:3620
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5c678b7a4208505ed8a7041433fe8adc8
SHA189a05585b36ef6df381ef8baec25fd9153bf444f
SHA2562dd644e52ec0c96dc05543a43c4f6295b1522fa467d2134c675766841e01ad05
SHA51295f86b5f8d5a6f60849c640f157a2298d505d2bf24f9bf1c8b79f0045fd18334104e18b17865817cf9756560c820c62b027f4a8998bb4ad42f1a73f440a74691