triumphloader | 54da392d7204459210bc5035f612f5f7294973de31fc635e2cfc3af40c72aa9b

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/01/2023, 15:21

Target

54da392d7204459210bc5035f612f5f7294973de31fc635e2cfc3af40c72aa9b.exe
Size

383KB
MD5

7273b9a307d1761e38b0cceac3281217
SHA1

a86108e33b221c84ec59c61b8a37febe2a8bbba8
SHA256

54da392d7204459210bc5035f612f5f7294973de31fc635e2cfc3af40c72aa9b
SHA512

62b0dc9696ba720af607acd48337a3273d32702f0cef841f4eac8bd355e3474bef0192baa734f2dae49fcf7fc0376a8489813a68b873f93c55227b64e85dcced
SSDEEP

6144:S+LBazVtCLeY8gHvizRzoSWAB2gAoasce2rr2uXGuh0J9c/DWsHnZnB:dLBazVtCyYNHuoSWzgAbXuuhRz5

Score

10^/10

TriumphLoader
TriumphLoader is a c++ loader based on the open source AbsentLoader.
trojan loader triumphloader

TriumphLoader payload 3 IoCs

resource	yara_rule
behavioral1/memory/1748-55-0x0000000000260000-0x00000000002DF000-memory.dmp	family_triumphloader
behavioral1/memory/1748-56-0x0000000000400000-0x0000000000859000-memory.dmp	family_triumphloader
behavioral1/memory/1748-59-0x0000000000400000-0x0000000000859000-memory.dmp	family_triumphloader

C:\Users\Admin\AppData\Local\Temp\54da392d7204459210bc5035f612f5f7294973de31fc635e2cfc3af40c72aa9b.exe
"C:\Users\Admin\AppData\Local\Temp\54da392d7204459210bc5035f612f5f7294973de31fc635e2cfc3af40c72aa9b.exe"
1⤵
PID:1748

memory/1748-54-0x0000000000CBA000-0x0000000000CF6000-memory.dmp

Filesize
240KB

Download
memory/1748-55-0x0000000000260000-0x00000000002DF000-memory.dmp

Filesize
508KB

Download
memory/1748-56-0x0000000000400000-0x0000000000859000-memory.dmp

Filesize
4.3MB

Download
memory/1748-57-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/1748-58-0x0000000000CBA000-0x0000000000CF6000-memory.dmp

Filesize
240KB

Download
memory/1748-59-0x0000000000400000-0x0000000000859000-memory.dmp

Filesize
4.3MB

Download