Resubmissions
14-08-2024 22:02
240814-1yattssdkl 714-08-2024 21:57
240814-1vba7axcqg 1014-08-2024 21:49
240814-1pk87sxakc 10Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14-08-2024 21:57
General
-
Target
Anarchy Panel 4.7.7z
-
Size
52.3MB
-
MD5
40fa4dfb75a2ff3595435c374a5f5e68
-
SHA1
2086fd6c2f38fb20e87a50cf3ee27dfb68fa3843
-
SHA256
bf9aa6957a814d551d3ba7f96690ff76c79ff884718b3a0f16ab17b96c2637ff
-
SHA512
a0655a97428c2a1981015c7b819a207d119b82fe88242f8a0e703adf3eedd386de73412e428dfce1fcedacbbb04ff23775c66e21584f27b5065ed32f510da3de
-
SSDEEP
1572864:AN5bnkUpaR1Ju0aVJfQF593gMr8okmaHY5q2iSBHxhj3lF:Q5bkxbJOJfnMYoriIRhX
Malware Config
Signatures
-
Stealerium
An open source info stealer written in C# first seen in May 2022.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 1 IoCs
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7.7z"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:81⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 7842⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x524 0x41c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Anarchy Panel 4.7\" -spe -an -ai#7zMap30972:90:7zEvent212071⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\Anarchy Panel 4.7\Anarchy Panel.exe"C:\Users\Admin\Desktop\Anarchy Panel 4.7\Anarchy Panel.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.7MB
MD556a504a34d2cfbfc7eaa2b68e34af8ad
SHA1426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA2569309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7
-
Filesize
3KB
MD53d441f780367944d267e359e4786facd
SHA1d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5
SHA25649648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9
SHA5125f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90
-
Filesize
78KB
MD5e4ebcf76ff80ef398d3ab77d577f4c08
SHA1cb9e6b30a63d50ae87610f6855b64abfb25691d2
SHA2569661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
SHA5128f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01
-
Filesize
4.0MB
MD515e3d44d37439f3ac8574ac1c9789ec2
SHA1bb3ef30e9f4496198f412738579966210ade36e0
SHA2565db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5
SHA512ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1
-
Filesize
395KB
MD5b0fc0ba80f8ec9586ff397412c512d9f
SHA10f6051b71b715a47be1fa16683201413905629a3
SHA25613db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234
SHA512222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d
-
Filesize
170KB
MD564a3d908b8a5feff2bccfc67f3a67dbd
SHA1a17d7e5fa57c99a067cac459cb507b625dac254e
SHA2566ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
SHA51266374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc
-
Filesize
170KB
MD50d41ccfaa8e7ef96248b8270d1a44d08
SHA16ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
SHA2560ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
SHA512a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e
-
Filesize
177KB
MD597b8bec4c47286e333cc2bedacf7338e
SHA1764bbd0307924b71ca89538b42996208d10c9b91
SHA256060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de
SHA512a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf
-
Filesize
670KB
MD5738c096a9bc38e21a9aa59ebc356c80d
SHA1139756ad201a537461a6bb8524a4b89a63b1b1b9
SHA256300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0
SHA512294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2
-
Filesize
174KB
MD5fa90a2aee0d172000257c4faca31237c
SHA1b317281b4acaaf1d7b7255c5e92887322abae892
SHA256991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
SHA512b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405
-
Filesize
181KB
MD5f6808c4fbbe0275db03b2cc5b4c2bc0d
SHA1e40b61c64c68f72fc5144f5057d54229babdecf8
SHA256e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
SHA512f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4
-
Filesize
86KB
MD58dbfb67c059aa59f7c53e20ef6740363
SHA13de96e7f48ee7647f5a7c2efb68cbd914bc78364
SHA256a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2
SHA51270aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d
-
Filesize
1.1MB
MD55dfbcfbbf9e2ae7db23e252808699ffb
SHA1a1d429292fe73aeb5abab10304e1ae8c1262b26d
SHA256929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c
SHA5129ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09
-
Filesize
79KB
MD5a5770798b7a6465f5b5a8c19d7d707ee
SHA1ca67e9591d2f757cbbfacb55f27aec6485b10ee6
SHA256f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119
SHA51264da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc
-
Filesize
81KB
MD58f98206f577160f950d456d1190c8d32
SHA1defced38fce00775c4616b420fa674d77f946eff
SHA2562bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324
SHA512432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91
-
Filesize
173KB
MD5e03b206eec8a7efbd1a47909071226e5
SHA121163989ea524920e874bc7932adfcd5e94f854e
SHA256778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965
SHA512831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff
-
Filesize
4.8MB
MD5a718955297276f2349b7644447736e08
SHA1377388d115b77aff357dcaf92b6aeb6286b1460d
SHA25654ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220
SHA512a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641
-
Filesize
1.5MB
MD5050f07b46987eaf152aab521c0112fc4
SHA12d2c0943ce9c10ba09b0d5cca54c2a88a1e61e95
SHA256b93374fdfd9af786ff20597ae0e242b81373984ba5718194f9e57feb231c52cf
SHA512a27c370e40ec126b6b9f3ab7d603378c2b629ec752aa8fc57a10e3ef58c0b701a5d1b4903a17ba180c4e73e76b54304f0868c474eb60e671562d0deed83a18c8
-
Filesize
172KB
MD5b3fa2c3d50057ddd2c9579dc0aef1590
SHA188a1f57b9177c95a2e095866574639b09d5f310a
SHA2566eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf
SHA5120d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508
-
Filesize
180KB
MD538502e61cc1d39095a12c1883551ad9f
SHA1135c9cad9e6d54bf66a1cee5c99ba510102623b0
SHA2560e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301
SHA512cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600
-
Filesize
106KB
MD5a267a675b7243d9152c7b8e3e261d64c
SHA19a0277095646e2a773e8a04a7913ce6a56cf05b5
SHA2569e82bf869638f8118f47f3870b1382401e42912cefcc6a9890489af5bb805c7e
SHA5120dae32c0c0fbf6918779a5e9699cbef27572458a5cdc7119298abddb6a597a0017fe33af06c02abe0c66f3cd490f6955bd7c65470ed3e31338d28575306c04bb
-
Filesize
234KB
MD54f2fb621cbea3cafb7a041c9b3c115a7
SHA1137502326e0126f372586d157e51a1416146c3be
SHA25698eb518c9785f988ab1dc0752e0ef6d23f171134e60187c621795d6877940f99
SHA51222171b9ecf1fc99b7aaf4e73c4d164cedcb503e83021f36a9cec673ff327f83a6c7568e22a7329cc6fc7ef3d6ff79d5dc6c88a8784e58401b884920c5ba2ac9b
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
54.6MB
-
Filesize
72KB