Overview

overview

10

Static

static

10

Anarchy Panel.exe

windows7-x64

10

Anarchy Panel.exe

windows10-1703-x64

10

Anarchy Panel.exe

windows10-2004-x64

10

Anarchy Panel.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-07-2024 20:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anarchy Panel.exe

  • Size

    54.6MB

  • MD5

    94bac1a0cc0dbac256f0d3b4c90648c2

  • SHA1

    4abcb8a31881e88322f6a37cbb24a14a80c6eef2

  • SHA256

    50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94

  • SHA512

    30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9

  • SSDEEP

    786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Loads dropped DLL 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
    "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c start cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1132
      • C:\Windows\system32\cmd.exe
        cmd /C "color b && title Error && echo SSL assertion fail, make sure you're not debugging Network. Disable internet firewall on router if possible. & echo: & echo If not, ask the developer of the program to use custom domains to fix this. && timeout /t 5"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          4⤵
          • Delays execution with timeout.exe
          PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
    Filesize

    1.7MB

    MD5

    56a504a34d2cfbfc7eaa2b68e34af8ad

    SHA1

    426b48b0f3b691e3bb29f465aed9b936f29fc8cc

    SHA256

    9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

    SHA512

    170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

    Download Submit

  • memory/1108-11-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-8-0x0000000006130000-0x0000000006142000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1108-12-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-1-0x0000000000940000-0x0000000003FDE000-memory.dmp

    Filesize

    54.6MB

    Download

  • memory/1108-13-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-9-0x000000001F2C0000-0x000000001F8A8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1108-10-0x000000001F8B0000-0x000000001FC70000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1108-14-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-3-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-2-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-0-0x00007FFB0EEA3000-0x00007FFB0EEA5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1108-15-0x00007FFB0EEA3000-0x00007FFB0EEA5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1108-16-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-17-0x0000000020CB0000-0x0000000020DFE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1108-18-0x0000000020E00000-0x0000000020E14000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1108-20-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1108-21-0x00007FFB0EEA0000-0x00007FFB0F962000-memory.dmp

    Filesize

    10.8MB

    Download