e682b63bb01f73c7addab70a6fa2c81557d316f36327eef5c10ce0c86de3e5a6

Analysis

max time kernel
151s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2023, 02:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

loader (1).exe
Size

11.4MB
MD5

12d54c2c5cb60ba8c1ab746af88612db
SHA1

7a1d59b54bbb7bcbacf19fd49adf0e9230b992c0
SHA256

e682b63bb01f73c7addab70a6fa2c81557d316f36327eef5c10ce0c86de3e5a6
SHA512

a35b7ad2dd137d727402f2c1f51893031f5cea337cb6eea508902706d3b84e669abc431eb660262961ff45f92f8c532b66f6e58256ebae31cf72ca14ae65bd8d
SSDEEP

196608:3WiK+XNOrzEubo3WpAWT2zGFy3JBms97ZEMqdXFYlleRHCTbQy+:3WhQ5uU3WCdzGFeGEhCFBP

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
32	myexternalip.com

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe
1996	loader (1).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1996	loader (1).exe

C:\Users\Admin\AppData\Local\Temp\loader (1).exe
"C:\Users\Admin\AppData\Local\Temp\loader (1).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1996

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-133-0x00007FFEF7EF0000-0x00007FFEF7EF2000-memory.dmp

Filesize
8KB

Download
memory/1996-134-0x00007FFEF7F00000-0x00007FFEF7F02000-memory.dmp

Filesize
8KB

Download
memory/1996-135-0x00007FFEF7F10000-0x00007FFEF7F12000-memory.dmp

Filesize
8KB

Download
memory/1996-136-0x00007FFEF7F20000-0x00007FFEF7F22000-memory.dmp

Filesize
8KB

Download
memory/1996-137-0x00007FFEF7F30000-0x00007FFEF7F32000-memory.dmp

Filesize
8KB

Download
memory/1996-138-0x00007FFEF7F40000-0x00007FFEF7F42000-memory.dmp

Filesize
8KB

Download
memory/1996-139-0x00007FFEF7F50000-0x00007FFEF7F52000-memory.dmp

Filesize
8KB

Download
memory/1996-140-0x00007FFEF7F60000-0x00007FFEF7F62000-memory.dmp

Filesize
8KB

Download
memory/1996-141-0x00007FFEF7F70000-0x00007FFEF7F72000-memory.dmp

Filesize
8KB

Download
memory/1996-142-0x00007FFEF7F80000-0x00007FFEF7F82000-memory.dmp

Filesize
8KB

Download
memory/1996-143-0x00007FFEF7F90000-0x00007FFEF7F92000-memory.dmp

Filesize
8KB

Download
memory/1996-144-0x00007FFEF7FA0000-0x00007FFEF7FA2000-memory.dmp

Filesize
8KB

Download
memory/1996-145-0x00007FFEF7FB0000-0x00007FFEF7FB2000-memory.dmp

Filesize
8KB

Download
memory/1996-146-0x00007FFEF7FC0000-0x00007FFEF7FC2000-memory.dmp

Filesize
8KB

Download
memory/1996-147-0x00007FFEF7FD0000-0x00007FFEF7FD2000-memory.dmp

Filesize
8KB

Download
memory/1996-148-0x00007FFEF7FE0000-0x00007FFEF7FE2000-memory.dmp

Filesize
8KB

Download
memory/1996-149-0x00007FFEF7FF0000-0x00007FFEF7FF2000-memory.dmp

Filesize
8KB

Download
memory/1996-150-0x00007FFEF8000000-0x00007FFEF8002000-memory.dmp

Filesize
8KB

Download
memory/1996-151-0x000002014F440000-0x000002014F686000-memory.dmp

Filesize
2.3MB

Download
memory/1996-157-0x000002014F310000-0x000002014F39A000-memory.dmp

Filesize
552KB

Download
memory/1996-163-0x000002014F3A0000-0x000002014F3BA000-memory.dmp

Filesize
104KB

Download
memory/1996-169-0x000002014F690000-0x000002014FA2C000-memory.dmp

Filesize
3.6MB

Download
memory/1996-175-0x000002014F440000-0x000002014F686000-memory.dmp

Filesize
2.3MB

Download
memory/1996-176-0x000002014F3A0000-0x000002014F3BA000-memory.dmp

Filesize
104KB

Download
memory/1996-177-0x000002014F310000-0x000002014F39A000-memory.dmp

Filesize
552KB

Download
memory/1996-178-0x000002014F690000-0x000002014FA2C000-memory.dmp

Filesize
3.6MB

Download
memory/1996-179-0x00007FF623ED0000-0x00007FF62569E000-memory.dmp

Filesize
23.8MB

Download