8074d6085f0629dc715fbf492933cf91ae573051c84aa749d56f88936e8f0ea1

Analysis

max time kernel
136s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
26-10-2024 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anarxiya/Anarchy Panel.exe
Size

54.6MB
MD5

94bac1a0cc0dbac256f0d3b4c90648c2
SHA1

4abcb8a31881e88322f6a37cbb24a14a80c6eef2
SHA256

50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
SHA512

30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
SSDEEP

786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral1/memory/1372-1-0x0000000000620000-0x0000000003CBE000-memory.dmp	net_reactor

Loads dropped DLL 1 IoCs

Processes:

Anarchy Panel.exe

pid process

1372 Anarchy Panel.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

Anarchy Panel.exe

pid	process
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe
1372	Anarchy Panel.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Anarchy Panel.exe

pid process

1372 Anarchy Panel.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Anarchy Panel.exe

description pid process

Token: SeDebugPrivilege 1372 Anarchy Panel.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Anarchy Panel.exe

pid process

1372 Anarchy Panel.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Anarchy Panel.exe

pid process

1372 Anarchy Panel.exe

description	pid	process
Token: SeDebugPrivilege	1372	Anarchy Panel.exe

C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1372

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
memory/1372-15-0x00007FFED75B3000-0x00007FFED75B5000-memory.dmp

Filesize
8KB

Download
memory/1372-3-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-17-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-18-0x0000000022C20000-0x0000000022E72000-memory.dmp

Filesize
2.3MB

Download
memory/1372-8-0x0000000005DF0000-0x0000000005E02000-memory.dmp

Filesize
72KB

Download
memory/1372-9-0x000000001F070000-0x000000001F658000-memory.dmp

Filesize
5.9MB

Download
memory/1372-10-0x000000001F660000-0x000000001FA20000-memory.dmp

Filesize
3.8MB

Download
memory/1372-11-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-12-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-13-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-14-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-0-0x00007FFED75B3000-0x00007FFED75B5000-memory.dmp

Filesize
8KB

Download
memory/1372-36-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-2-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-1-0x0000000000620000-0x0000000003CBE000-memory.dmp

Filesize
54.6MB

Download
memory/1372-19-0x0000000023400000-0x000000002354E000-memory.dmp

Filesize
1.3MB

Download
memory/1372-20-0x00000000236A0000-0x00000000236B4000-memory.dmp

Filesize
80KB

Download
memory/1372-21-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-22-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-23-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-24-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-25-0x00000000237F0000-0x0000000023802000-memory.dmp

Filesize
72KB

Download
memory/1372-26-0x0000000023810000-0x0000000023A88000-memory.dmp

Filesize
2.5MB

Download
memory/1372-32-0x000000001FD50000-0x000000001FD5A000-memory.dmp

Filesize
40KB

Download
memory/1372-35-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/1372-16-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download