Overview

overview

10

Static

static

10

Anarchy.exe

windows7-x64

10

Anarchy.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    14s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 10:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anarchy.exe

  • Size

    16.1MB

  • MD5

    56373fb76365e161485614ff91d4030b

  • SHA1

    e2429e6e2953a948e8756a5ff7e87a68bdceabd2

  • SHA256

    e208fae2282697cdce4471ce296d4750743acb5b8e7ff09217667a69041243a7

  • SHA512

    27c8138c50b473121694b9ce4412d9757b7d74299df25aa5a6693578f05039c6d2f30367100732f16bbff42c78a8d27176d39a0c71d090ec5f18a70d31f1f40c

  • SSDEEP

    196608:i5CpPOu/P8G2eee0yMRs4vkmXaU7aIObk9fcdHJDLscmZk36zOAE2A1cZF7sL9YR:s+r0TaZ1LmZ+F1cby9YN/X

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anarchy.exe
    "C:\Users\Admin\AppData\Local\Temp\Anarchy.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2652
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:4176

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2652-0-0x00007FF9FB583000-0x00007FF9FB585000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2652-1-0x0000020626150000-0x0000020627170000-memory.dmp

      Filesize

      16.1MB

      Download

    • memory/2652-2-0x0000020641960000-0x0000020641BB2000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2652-3-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2652-4-0x0000020643750000-0x0000020643944000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2652-5-0x0000020643A70000-0x0000020643BBE000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2652-6-0x0000020641670000-0x0000020641684000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2652-7-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2652-8-0x00007FF9FB583000-0x00007FF9FB585000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2652-9-0x00000206461D0000-0x00000206467B8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2652-10-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2652-11-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2652-12-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2652-14-0x00007FF9FB580000-0x00007FF9FC041000-memory.dmp

      Filesize

      10.8MB

      Download