Analysis Overview
SHA256
25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21
Threat Level: Known bad
The file 25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21 was found to be: Known bad.
Malicious Activity Summary
Xloader
Xloader Payload
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-21 10:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-21 10:21
Reported
2022-06-21 10:23
Platform
win10-20220414-en
Max time kernel
57s
Max time network
78s
Command Line
Signatures
Xloader
Xloader Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4692 set thread context of 4200 | N/A | C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe | C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe
"C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe"
C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe
"C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 20.42.65.89:443 | N/A | tcp |
| US | 93.184.221.240:80 | N/A | tcp |
Files