9066bf585bfa98e1bb016eaa4b2148211637f6a2482e59371836c55f87abab96

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2023 06:36

Target

LoaderCYBERNET.exe
Size

2.5MB
MD5

f7daca65b6e9c1be34b1bc06004b5090
SHA1

1c10b84eb72f9edd413fcd6bab6c66c955c37718
SHA256

9066bf585bfa98e1bb016eaa4b2148211637f6a2482e59371836c55f87abab96
SHA512

de2aad500ac802e40980531a2755b9b77cc202b347345c53a9fb922a4150d81331a7d977ab9cd669babf357f41fc8646c8bda3807323480be7fb649aa3ce5cf3
SSDEEP

49152:LFOy/GJk3oFmJp/zPRJlyrnEbTPDoWZprbsL6m6+J2Q0R:LHOczUrnEb7DrZprYemp2Q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2480	1716	WerFault.exe	81

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 3092	1716	LoaderCYBERNET.exe	83
PID 1716 wrote to memory of 3092	1716	LoaderCYBERNET.exe	83
PID 1716 wrote to memory of 3092	1716	LoaderCYBERNET.exe	83
PID 3092 wrote to memory of 4952	3092	cmd.exe	84
PID 3092 wrote to memory of 4952	3092	cmd.exe	84
PID 3092 wrote to memory of 4952	3092	cmd.exe	84
PID 1716 wrote to memory of 4392	1716	LoaderCYBERNET.exe	86
PID 1716 wrote to memory of 4392	1716	LoaderCYBERNET.exe	86
PID 1716 wrote to memory of 4392	1716	LoaderCYBERNET.exe	86
PID 1716 wrote to memory of 3592	1716	LoaderCYBERNET.exe	87
PID 1716 wrote to memory of 3592	1716	LoaderCYBERNET.exe	87
PID 1716 wrote to memory of 3592	1716	LoaderCYBERNET.exe	87
PID 1716 wrote to memory of 1096	1716	LoaderCYBERNET.exe	88
PID 1716 wrote to memory of 1096	1716	LoaderCYBERNET.exe	88
PID 1716 wrote to memory of 1096	1716	LoaderCYBERNET.exe	88
PID 1716 wrote to memory of 1092	1716	LoaderCYBERNET.exe	89
PID 1716 wrote to memory of 1092	1716	LoaderCYBERNET.exe	89
PID 1716 wrote to memory of 1092	1716	LoaderCYBERNET.exe	89
PID 1716 wrote to memory of 5044	1716	LoaderCYBERNET.exe	90
PID 1716 wrote to memory of 5044	1716	LoaderCYBERNET.exe	90
PID 1716 wrote to memory of 5044	1716	LoaderCYBERNET.exe	90
PID 1716 wrote to memory of 1244	1716	LoaderCYBERNET.exe	91
PID 1716 wrote to memory of 1244	1716	LoaderCYBERNET.exe	91
PID 1716 wrote to memory of 1244	1716	LoaderCYBERNET.exe	91

C:\Users\Admin\AppData\Local\Temp\LoaderCYBERNET.exe
"C:\Users\Admin\AppData\Local\Temp\LoaderCYBERNET.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c MODE CON COLS=19 LINES=2
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3092
- - C:\Windows\SysWOW64\mode.com
    MODE CON COLS=19 LINES=2
    3⤵
    PID:4952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color B
  2⤵
  PID:4392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3592
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color B
  2⤵
  PID:1096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color B
  2⤵
  PID:5044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 1012
  2⤵
  - Program crash
  PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1716 -ip 1716
1⤵
PID:1836