Malware Analysis Report

2024-08-06 12:39

Sample ID 240705-vyej5ascmr
Target Anarxiya.rar
SHA256 8074d6085f0629dc715fbf492933cf91ae573051c84aa749d56f88936e8f0ea1
Tags
asyncrat rat stormkitty stealerium
score
10/10

Analysis Overview


Threat Level: Known bad

The file Anarxiya.rar was found to be: Known bad.

Malicious Activity Summary

asyncrat rat stormkitty stealerium

StormKitty payload

AsyncRat

Asyncrat family

Stealerium family

Stormkitty family

.NET Reactor protector

Loads dropped DLL

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-05 17:23

Signatures

Asyncrat family

asyncrat

Stealerium family

stealerium

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
(21 rows reported; every field N/A)

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 17:23

Reported

2024-07-05 17:36

Platform

win10v2004-20240704-en

Max time kernel

156s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe"

Signatures

AsyncRat

rat asyncrat

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e00310000000000e558348c100054656d7000003a0009000400efbee458d483e558358c2e0000009ce101000000010000000000000000000000000000004bf78600540065006d007000000014000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000e458a48c100041646d696e003c0009000400efbee458d483e558338c2e0000007de101000000010000000000000000000000000000002504e500410064006d0069006e00000014000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5a00310000000000e558338c1000416e6172786979610000420009000400efbee558338ce558338c2e0000003c3402000000080000000000000000000000000000005ddcd10041006e00610072007800690079006100000018000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000e458d48312004170704461746100400009000400efbee458d483e558338c2e00000088e10100000001000000000000000000000000000000a7e063004100700070004400610074006100000016000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Key created \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000e458d4831100557365727300640009000400efbe874f7748e558338c2e000000c70500000000010000000000000000003a0000000000d2f4760055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
(25 rows reported; Process = C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe in each, all other fields N/A)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe

"C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/3192-0-0x00007FFD40E63000-0x00007FFD40E65000-memory.dmp

memory/3192-1-0x00000000007A0000-0x0000000003E3E000-memory.dmp

memory/3192-2-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-3-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/3192-8-0x0000000004750000-0x0000000004762000-memory.dmp

memory/3192-9-0x000000001F3D0000-0x000000001F9B8000-memory.dmp

memory/3192-10-0x000000001FD50000-0x0000000020110000-memory.dmp

memory/3192-11-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-12-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-13-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-14-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-15-0x00007FFD40E63000-0x00007FFD40E65000-memory.dmp

memory/3192-16-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-17-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-18-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-19-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-20-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-21-0x0000000023A50000-0x0000000023CA2000-memory.dmp

memory/3192-22-0x0000000023DA0000-0x0000000023EEE000-memory.dmp

memory/3192-23-0x0000000022210000-0x0000000022224000-memory.dmp

memory/3192-24-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-25-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-26-0x0000000021720000-0x0000000021732000-memory.dmp

memory/3192-27-0x0000000025960000-0x0000000025BD8000-memory.dmp

memory/3192-33-0x0000000020DB0000-0x0000000020DBA000-memory.dmp

memory/3192-38-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-39-0x00007FFD40E60000-0x00007FFD41921000-memory.dmp

memory/3192-40-0x00000000274D0000-0x00000000275EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Anarxiya\Usrs.p12

MD5 26cb64b8111949e2be3ce6aacfad9b6b
SHA1 2ef1cc20c41098e7f894a072fe8faedd53e3772b
SHA256 9b75553ccf402ec37d2140ec2c4b4247e55b9305125b29bc1b7c2e96dfae2f51
SHA512 4eadfce14ea6abe323d987500f4107337530d7af4bfcd01a4abf64efc5cf69a0591dd55f7e3a7da7cf568c374c610f386b4ab55e500855389830b33a1ef0ee76

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_2xmj5pvpj41jarvrlcfnrvtix1def2yf\4.7.0.0\user.config

MD5 4b01719ab493b81d429c574dbaca15ef
SHA1 719ef1e4e6616a3d8afce09de7f89ddcf186a3a3
SHA256 33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54
SHA512 4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_2xmj5pvpj41jarvrlcfnrvtix1def2yf\4.7.0.0\user.config

MD5 495d368baef768dd527dd8b772702c87
SHA1 20ceb83c7076024e0491f169173607aa4a2e3931
SHA256 38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf
SHA512 75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18