Analysis
-
max time kernel
27s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
06-05-2023 03:10
General
-
Target
3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe
-
Size
4.5MB
-
MD5
b9a8daac90993d6759cd99ff322b1c67
-
SHA1
189c38dd976accb24c99b04d1d3ed8f082993638
-
SHA256
3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5
-
SHA512
486f4f894488f5bc9c383ad05d66af6ea4557cda11fe2f34b1abc8444674fb1437635b2d09f3597db4c79708d116bdefd3d2ef168c9426f471ea62159bca0d61
-
SSDEEP
98304:2GgIlPKNT8aXeHEl/60qSAHbCej1j7eLdFZ:2GzoT82+VSA74dF
Score
10/10
Malware Config
Signatures
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 4 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe"C:\Users\Admin\AppData\Local\Temp\3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 9602⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1580-54-0x00000000012F0000-0x000000000254D000-memory.dmpFilesize
18.4MB