Overview

overview

10

Static

static

10

Loki 1.8/C...V2.dll

windows7_x64

1

Loki 1.8/C...V2.dll

windows10-2004_x64

1

Loki 1.8/L...al.exe

windows7_x64

1

Loki 1.8/L...al.exe

windows10-2004_x64

1

Loki 1.8/M...UI.dll

windows7_x64

1

Loki 1.8/M...UI.dll

windows10-2004_x64

1

Loki 1.8/N...ty.dll

windows7_x64

1

Loki 1.8/N...ty.dll

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loki 1.8/Panel/inc/class/pCharts/class/pPie.class.ps1

  • Size

    65KB

  • MD5

    4a8df9c68451a7846fbbfb5213c450d8

  • SHA1

    768de54634a27f2899887630427aea84bdd87bfc

  • SHA256

    a84369ce6edeaef275e6973227e6212df23234e9c4649e73354b9b247559a13d

  • SHA512

    ecf9a4d38dd3c18db9b48e872a5289fea5d648bd53a335322cac2015a57083d3e2fdd4213c197904cbf0af61a160a58d0317c7f72a03e93dc7d5257870fab9b3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Loki 1.8\Panel\inc\class\pCharts\class\pPie.class.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1080-54-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1080-55-0x000007FEF3890000-0x000007FEF42B3000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1080-56-0x000007FEF2D30000-0x000007FEF388D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1080-57-0x000007FEF42C0000-0x000007FEF519C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/1080-58-0x000007FEF3890000-0x000007FEF42B3000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1080-60-0x0000000002754000-0x0000000002757000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1080-59-0x000007FEF6A40000-0x000007FEF6AF2000-memory.dmp
    Filesize

    712KB

    Download
  • memory/1080-61-0x000007FEF2D30000-0x000007FEF388D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1080-62-0x000007FEF61B0000-0x000007FEF64DE000-memory.dmp
    Filesize

    3.2MB

    Download
  • memory/1080-63-0x000007FEFB120000-0x000007FEFB189000-memory.dmp
    Filesize

    420KB

    Download
  • memory/1080-65-0x000007FEFAFF0000-0x000007FEFB022000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1080-64-0x000007FEF6600000-0x000007FEF6816000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/1080-66-0x000007FEFAE40000-0x000007FEFAEEA000-memory.dmp
    Filesize

    680KB

    Download
  • memory/1080-67-0x000007FEF6950000-0x000007FEF6A35000-memory.dmp
    Filesize

    916KB

    Download
  • memory/1080-68-0x000007FEF6090000-0x000007FEF61A8000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1080-69-0x000007FEFAFB0000-0x000007FEFAFEE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1080-70-0x000007FEF3890000-0x000007FEF42B3000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1080-71-0x000007FEEF590000-0x000007FEEFC35000-memory.dmp
    Filesize

    6.6MB

    Download
  • memory/1080-72-0x000007FEF5D90000-0x000007FEF5EFC000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1080-73-0x000007FEF5BF0000-0x000007FEF5D85000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1080-74-0x000007FEF24E0000-0x000007FEF2D2B000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/1080-75-0x000000000275B000-0x000000000277A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1080-76-0x000007FEF2D30000-0x000007FEF388D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1080-77-0x000007FEF42C0000-0x000007FEF519C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/1080-79-0x0000000002754000-0x0000000002757000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1080-78-0x000007FEF6A40000-0x000007FEF6AF2000-memory.dmp
    Filesize

    712KB

    Download