Overview

overview

10

Static

static

10

Anarxiya/A...el.exe

windows7-x64

10

Anarxiya/A...el.exe

windows10-2004-x64

10

Resubmissions

05-07-2024 17:23

240705-vyej5ascmr 10

05-07-2024 17:18

240705-vt88yasckj 10

05-07-2024 16:59

240705-vhqbpavbka 10

Analysis

  • max time kernel
    1561s
  • max time network
    1563s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    05-07-2024 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anarxiya/Anarchy Panel.exe

  • Size

    54.6MB

  • MD5

    94bac1a0cc0dbac256f0d3b4c90648c2

  • SHA1

    4abcb8a31881e88322f6a37cbb24a14a80c6eef2

  • SHA256

    50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94

  • SHA512

    30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9

  • SSDEEP

    786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe
    "C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
    Filesize

    1.7MB

    MD5

    56a504a34d2cfbfc7eaa2b68e34af8ad

    SHA1

    426b48b0f3b691e3bb29f465aed9b936f29fc8cc

    SHA256

    9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

    SHA512

    170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

    Download Submit
  • memory/2116-11-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-10-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-3-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-1-0x0000000000C50000-0x00000000042EE000-memory.dmp
    Filesize

    54.6MB

    Download
  • memory/2116-12-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-9-0x000000001FD50000-0x0000000020110000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/2116-2-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-0-0x000007FEF5FF3000-0x000007FEF5FF4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-8-0x000000001F760000-0x000000001FD48000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/2116-13-0x000007FEF5FF3000-0x000007FEF5FF4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-14-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-15-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-16-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-17-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-18-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2116-19-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp
    Filesize

    9.9MB

    Download