Overview

overview

10

Static

static

10

Loki 1.8/C...V2.dll

windows7_x64

1

Loki 1.8/C...V2.dll

windows10-2004_x64

1

Loki 1.8/L...al.exe

windows7_x64

1

Loki 1.8/L...al.exe

windows10-2004_x64

1

Loki 1.8/M...UI.dll

windows7_x64

1

Loki 1.8/M...UI.dll

windows10-2004_x64

1

Loki 1.8/N...ty.dll

windows7_x64

1

Loki 1.8/N...ty.dll

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ass.js

windows7_x64

1

Loki 1.8/P...ass.js

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Loki 1.8/P...ss.ps1

windows7_x64

1

Loki 1.8/P...ss.ps1

windows10-2004_x64

1

Analysis

  • max time kernel
    32s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loki 1.8/Panel/inc/class/pCharts/class/pRadar.class.ps1

  • Size

    33KB

  • MD5

    164be607d90ef2cd65685a9a56162631

  • SHA1

    da52bc88e278f1b9e0f2f7584e1b76bc24875e5d

  • SHA256

    05b4befdb507843d814dd4d9d84747f2ae2a669432ecf07b7cfec71f23ea4bb5

  • SHA512

    9b8d20509309b8dd865abfb47528c2bbbbc6e22ff7d31db24c3f4a4243ccafcf418d915c4cb1d8a9241142d4fbdf9da03683c24de9daad0c42f4b8bc2c94c075

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Loki 1.8\Panel\inc\class\pCharts\class\pRadar.class.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/972-54-0x000007FEFC0F1000-0x000007FEFC0F3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/972-55-0x000007FEF4710000-0x000007FEF5133000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/972-56-0x000007FEF3BB0000-0x000007FEF470D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/972-57-0x000007FEF5140000-0x000007FEF601C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/972-58-0x000007FEF4710000-0x000007FEF5133000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/972-60-0x0000000002544000-0x0000000002547000-memory.dmp
    Filesize

    12KB

    Download
  • memory/972-59-0x000007FEF6C40000-0x000007FEF6CF2000-memory.dmp
    Filesize

    712KB

    Download
  • memory/972-61-0x000007FEF3880000-0x000007FEF3BAE000-memory.dmp
    Filesize

    3.2MB

    Download
  • memory/972-62-0x000007FEF6DD0000-0x000007FEF6E39000-memory.dmp
    Filesize

    420KB

    Download
  • memory/972-63-0x000007FEF6D90000-0x000007FEF6DC2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/972-64-0x000007FEF6B90000-0x000007FEF6C3A000-memory.dmp
    Filesize

    680KB

    Download
  • memory/972-65-0x000007FEF6AA0000-0x000007FEF6B85000-memory.dmp
    Filesize

    916KB

    Download
  • memory/972-66-0x000007FEF3660000-0x000007FEF3876000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/972-67-0x000007FEF3540000-0x000007FEF3658000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/972-68-0x000007FEF6A60000-0x000007FEF6A9E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/972-69-0x000007FEF28A0000-0x000007FEF2F45000-memory.dmp
    Filesize

    6.6MB

    Download
  • memory/972-71-0x000007FEF3240000-0x000007FEF33AC000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/972-72-0x000007FEF30A0000-0x000007FEF3235000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/972-70-0x000000001B770000-0x000000001BA6F000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/972-73-0x000007FEF3BB0000-0x000007FEF470D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/972-74-0x000007FEF4710000-0x000007FEF5133000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/972-75-0x000007FEF6C40000-0x000007FEF6CF2000-memory.dmp
    Filesize

    712KB

    Download
  • memory/972-77-0x000007FEF3660000-0x000007FEF3876000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/972-76-0x0000000002544000-0x0000000002547000-memory.dmp
    Filesize

    12KB

    Download
  • memory/972-78-0x000007FEF6A60000-0x000007FEF6A9E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/972-79-0x000007FEF3240000-0x000007FEF33AC000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/972-80-0x000007FEEF1B0000-0x000007FEEF9FB000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/972-81-0x000000000254B000-0x000000000256A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/972-82-0x000007FEF5140000-0x000007FEF601C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/972-83-0x000007FEF28A0000-0x000007FEF2F45000-memory.dmp
    Filesize

    6.6MB

    Download