Analysis

  • max time kernel
    148s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12/03/2024, 17:54

General

  • Target

    Anarchy Panel.exe

  • Size

    54.6MB

  • MD5

    94bac1a0cc0dbac256f0d3b4c90648c2

  • SHA1

    4abcb8a31881e88322f6a37cbb24a14a80c6eef2

  • SHA256

    50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94

  • SHA512

    30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9

  • SSDEEP

    786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

  • Detect ZGRat V1 1 IoC
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • .NET Reactor protector 1 IoC

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Loads dropped DLL 1 IoC
  • Suspicious use of AdjustPrivilegeToken 1 IoC

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
    "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2608
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8
    PID:3620

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

      Filesize

      128KB

      MD5

      c678b7a4208505ed8a7041433fe8adc8

      SHA1

      89a05585b36ef6df381ef8baec25fd9153bf444f

      SHA256

      2dd644e52ec0c96dc05543a43c4f6295b1522fa467d2134c675766841e01ad05

      SHA512

      95f86b5f8d5a6f60849c640f157a2298d505d2bf24f9bf1c8b79f0045fd18334104e18b17865817cf9756560c820c62b027f4a8998bb4ad42f1a73f440a74691

    • memory/2608-10-0x0000000020040000-0x0000000020628000-memory.dmp

      Filesize

      5.9MB

    • memory/2608-2-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB

    • memory/2608-3-0x00000000049C0000-0x00000000049C1000-memory.dmp

      Filesize

      4KB

    • memory/2608-1-0x0000000000BD0000-0x000000000426E000-memory.dmp

      Filesize

      54.6MB

    • memory/2608-9-0x0000000006320000-0x0000000006332000-memory.dmp

      Filesize

      72KB

    • memory/2608-0-0x00007FF8EAEA0000-0x00007FF8EB961000-memory.dmp

      Filesize

      10.8MB

    • memory/2608-11-0x0000000020630000-0x00000000209F0000-memory.dmp

      Filesize

      3.8MB

    • memory/2608-12-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB

    • memory/2608-13-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB

    • memory/2608-14-0x00007FF8EAEA0000-0x00007FF8EB961000-memory.dmp

      Filesize

      10.8MB

    • memory/2608-15-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB

    • memory/2608-16-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB

    • memory/2608-17-0x0000000006430000-0x0000000006440000-memory.dmp

      Filesize

      64KB
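Added example, not part of the sandbox report: a small offline triage helper that hashes a file and compares the digests against the indicators listed above (the sample itself and the dropped sqlite.interop.dll), and flags paths that match the Costura.Fody extraction layout seen under Downloads (Costura.Fody embeds referenced assemblies as resources and unpacks native ones to %TEMP%\Costura\<hash>\<32|64>\ at runtime). The IOCS table, the helper names and the Costura regex are this example's own assumptions; the 32-hex-character directory name is treated as opaque, and the built-in demo uses constructed bytes because the sample is not included here.

```python
"""Offline IoC matcher for the indicators in this sandbox report (added example)."""
import hashlib
import io
import re
import sys
from typing import BinaryIO, Dict, List

# Indicators copied from the report. Keys are this example's own labels.
IOCS: Dict[str, Dict[str, str]] = {
    "Anarchy Panel.exe": {
        "md5": "94bac1a0cc0dbac256f0d3b4c90648c2",
        "sha1": "4abcb8a31881e88322f6a37cbb24a14a80c6eef2",
        "sha256": "50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94",
    },
    "sqlite.interop.dll (Costura drop)": {
        "md5": "c678b7a4208505ed8a7041433fe8adc8",
        "sha1": "89a05585b36ef6df381ef8baec25fd9153bf444f",
        "sha256": "2dd644e52ec0c96dc05543a43c4f6295b1522fa467d2134c675766841e01ad05",
    },
}

# Costura.Fody unpacks embedded native DLLs to %TEMP%\Costura\<32 hex chars>\<32|64>\.
# Assumption: the hex directory name is opaque, so only its shape is checked.
COSTURA_PATH = re.compile(r"\\Costura\\[0-9A-Fa-f]{32}\\(32|64)\\[^\\]+\.dll$")


def hash_stream(fp: BinaryIO, chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5/SHA1/SHA256 in one pass over a binary stream (large files stay off-heap)."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    while True:
        block = fp.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data))


def match_digests(digests: Dict[str, str]) -> List[str]:
    """Return the labels of report artifacts whose recorded digest matches; any one algorithm is enough."""
    hits = []
    for label, known in IOCS.items():
        if any(digests.get(alg, "").lower() == val for alg, val in known.items()):
            hits.append(label)
    return hits


def is_costura_drop(path: str) -> bool:
    """True if the path has the Costura.Fody native-DLL extraction shape seen in the report."""
    return COSTURA_PATH.search(path) is not None


def scan_file(path: str) -> Dict[str, object]:
    """Hash a file on disk and report IoC hits plus the Costura path check."""
    with open(path, "rb") as fp:
        digests = hash_stream(fp)
    return {
        "path": path,
        "digests": digests,
        "ioc_hits": match_digests(digests),
        "costura_drop": is_costura_drop(path),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:
            print(scan_file(target))
    else:
        # Constructed demo input: these bytes are not the sample, so no digest matches.
        print(match_digests(hash_bytes(b"not the real sample")))
        # The dropped-DLL path from the report does match the Costura layout.
        print(is_costura_drop(r"C:\Users\Admin\AppData\Local\Temp\Costura"
                              r"\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll"))
```

Run it with one or more file paths to hash them against the report's indicators; with no arguments it runs the constructed demo. Matching on any single algorithm is deliberate so a hit is still reported when a feed only carries one digest type, and the path check is a shape check only, so it flags any Costura-unpacked native DLL, not just this sample's.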