bf9aa6957a814d551d3ba7f96690ff76c79ff884718b3a0f16ab17b96c2637ff

Resubmissions

13/01/2025, 00:17 UTC

250113-ak4a4sypbn 10

25/09/2024, 13:28 UTC

240925-qq3jrs1dja 10

24/09/2024, 20:51 UTC

240924-zm82taxhle 10

24/09/2024, 19:21 UTC

240924-x2m2sazhql 10

24/09/2024, 19:17 UTC

240924-xzhpaazgpj 10

24/09/2024, 18:11 UTC

240924-wsp94sxcnp 10

24/09/2024, 17:54 UTC

240924-whcahawgjr 10

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/09/2024, 17:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anarchy Panel.exe
Size

54.6MB
MD5

94bac1a0cc0dbac256f0d3b4c90648c2
SHA1

4abcb8a31881e88322f6a37cbb24a14a80c6eef2
SHA256

50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
SHA512

30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
SSDEEP

786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/2676-1-0x0000000000C60000-0x00000000042FE000-memory.dmp	net_reactor

Loads dropped DLL 1 IoCs

pid	Process
2676	Anarchy Panel.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2676	Anarchy Panel.exe

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
memory/2676-11-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-13-0x000007FEF6123000-0x000007FEF6124000-memory.dmp

Filesize
4KB

Download
memory/2676-3-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-1-0x0000000000C60000-0x00000000042FE000-memory.dmp

Filesize
54.6MB

Download
memory/2676-8-0x000000001F760000-0x000000001FD48000-memory.dmp

Filesize
5.9MB

Download
memory/2676-9-0x000000001FD50000-0x0000000020110000-memory.dmp

Filesize
3.8MB

Download
memory/2676-2-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-10-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-12-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-0-0x000007FEF6123000-0x000007FEF6124000-memory.dmp

Filesize
4KB

Download
memory/2676-14-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-15-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-16-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-17-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-18-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2676-19-0x000007FEF6120000-0x000007FEF6B0C000-memory.dmp

Filesize
9.9MB

Download