Overview

overview

7

Static

static

1

Anarchy Panel 4.7.7z

windows10-2004-x64

7

Resubmissions

14-08-2024 22:02

240814-1yattssdkl 7

14-08-2024 21:57

240814-1vba7axcqg 10

14-08-2024 21:49

240814-1pk87sxakc 10

Analysis

  • max time kernel
    198s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-08-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anarchy Panel 4.7.7z

  • Size

    52.3MB

  • MD5

    40fa4dfb75a2ff3595435c374a5f5e68

  • SHA1

    2086fd6c2f38fb20e87a50cf3ee27dfb68fa3843

  • SHA256

    bf9aa6957a814d551d3ba7f96690ff76c79ff884718b3a0f16ab17b96c2637ff

  • SHA512

    a0655a97428c2a1981015c7b819a207d119b82fe88242f8a0e703adf3eedd386de73412e428dfce1fcedacbbb04ff23775c66e21584f27b5065ed32f510da3de

  • SSDEEP

    1572864:AN5bnkUpaR1Ju0aVJfQF593gMr8okmaHY5q2iSBHxhj3lF:Q5bkxbJOJfnMYoriIRhX

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7.7z"
    1⤵
    • Modifies registry class
    PID:868
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2200
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Anarchy Panel 4.7\" -spe -an -ai#7zMap6532:90:7zEvent19504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4184
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3460
    • C:\Users\Admin\Desktop\Anarchy Panel 4.7\Anarchy Panel.exe
      "C:\Users\Admin\Desktop\Anarchy Panel 4.7\Anarchy Panel.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2540
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:4968

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
        Filesize

        1.7MB

        MD5

        56a504a34d2cfbfc7eaa2b68e34af8ad

        SHA1

        426b48b0f3b691e3bb29f465aed9b936f29fc8cc

        SHA256

        9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

        SHA512

        170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

        Download Submit

      • C:\Users\Admin\Desktop\Anarchy Panel 4.7\Anarchy Panel.exe.config
        Filesize

        3KB

        MD5

        3d441f780367944d267e359e4786facd

        SHA1

        d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

        SHA256

        49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

        SHA512

        5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

        Download Submit

      • memory/2540-47-0x0000000000930000-0x0000000003FCE000-memory.dmp

        Filesize

        54.6MB

        Download

      • memory/2540-53-0x0000000006090000-0x00000000060A2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2540-54-0x000000001F120000-0x000000001F708000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2540-55-0x000000001F710000-0x000000001FAD0000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/2540-56-0x00000000234C0000-0x0000000023712000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/2540-57-0x0000000023D40000-0x0000000023E8E000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2540-58-0x0000000023ED0000-0x0000000023EE4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2540-59-0x0000000023EA0000-0x0000000023EB2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2540-60-0x00000000240A0000-0x0000000024318000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2540-66-0x0000000023CD0000-0x0000000023CDA000-memory.dmp

        Filesize

        40KB

        Download