aresloader | b280e418cc13c8f1efe66c8c5f4b83e0a544ddbb9d0c460e24d279b93a22c5b3

Analysis

max time kernel
137s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2023 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shit.exe
Size

5.3MB
MD5

daffa640a69186627d8c2334901f1b86
SHA1

3c7daeed595df7100ae082c41677178bec1bbaa2
SHA256

b280e418cc13c8f1efe66c8c5f4b83e0a544ddbb9d0c460e24d279b93a22c5b3
SHA512

1c1022cc5064295d5201f72a1fb2a164bfc5388ef2b8cf0d70f336557f6125c6dc104056dcb5057505243e46446109992199d2a12d9b0a916e3963d1408950cd
SSDEEP

98304:f6CJJsPG4aQxuM0HsYspanM2ubkbBVxOnZUNlriiCSqBhYAYSq+h/Vsd/xi8Expe:vgpxl0HsYspanM2ubkbBVxOZymiCSqBo

Score

10^/10

aresloader loader

Malware Config

Extracted

Family

aresloader

http://45.80.69.193

Signatures

AresLoader
AresLoader is a loader and downloader written in C++.
loader aresloader

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
59	ipinfo.io
60	ipinfo.io

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4908	shit.exe
Token: SeIncBasePriorityPrivilege	4908	shit.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2296	4908	shit.exe	97
PID 4908 wrote to memory of 2296	4908	shit.exe	97
PID 4908 wrote to memory of 2296	4908	shit.exe	97
PID 2296 wrote to memory of 3156	2296	cmd.exe	99
PID 2296 wrote to memory of 3156	2296	cmd.exe	99
PID 2296 wrote to memory of 3156	2296	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\shit.exe
"C:\Users\Admin\AppData\Local\Temp\shit.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c tzutil /g
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Windows\SysWOW64\tzutil.exe
    tzutil /g
    3⤵
    PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MicrosoftMT\MsMpEng.exe

Filesize
153B

MD5
cd31d1bda62e6c59e395bcd54ea7b23f

SHA1
8be312a526cda4e722942b168514c5a25ad57870

SHA256
5c829b1bc9a371935075b06108fa9f9aa1d2f00098db46650d6bea3d58099da0

SHA512
4e960c9794b0cbdcc375d4f8844d8ffb5ddbab73fdb1ff96b95859eac41118e48b27c23aa90b9737ca2fa3c87505e12466b966ad2f55d396bbd4ab0efa3a13ea

Download Submit
memory/4908-0-0x0000000000740000-0x0000000000DC4000-memory.dmp

Filesize
6.5MB

Download
memory/4908-1-0x0000000000740000-0x0000000000DC4000-memory.dmp

Filesize
6.5MB

Download
memory/4908-2-0x0000000000740000-0x0000000000DC4000-memory.dmp

Filesize
6.5MB

Download
memory/4908-3-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-4-0x00000000012A0000-0x00000000012A4000-memory.dmp

Filesize
16KB

Download
memory/4908-5-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-6-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-8-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-9-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-12-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-14-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-11-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-15-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-17-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-20-0x0000000000740000-0x0000000000DC4000-memory.dmp

Filesize
6.5MB

Download
memory/4908-22-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-23-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-25-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-26-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-28-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-31-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-30-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4908-21-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4908-32-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4908-34-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-37-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-39-0x00000000012A0000-0x00000000012A4000-memory.dmp

Filesize
16KB

Download
memory/4908-42-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4908-44-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-45-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-49-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-50-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-54-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-59-0x0000000003620000-0x0000000003660000-memory.dmp

Filesize
256KB

Download
memory/4908-57-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-55-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4908-62-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4908-61-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4908-53-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-51-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-46-0x00000000036B0000-0x00000000038B0000-memory.dmp

Filesize
2.0MB

Download
memory/4908-48-0x0000000003870000-0x0000000003871000-memory.dmp

Filesize
4KB

Download
memory/4908-41-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-40-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-36-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-35-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-65-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-63-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-69-0x0000000003670000-0x00000000036B0000-memory.dmp

Filesize
256KB

Download
memory/4908-66-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-67-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-75-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-72-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-70-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-77-0x0000000003620000-0x0000000003622000-memory.dmp

Filesize
8KB

Download
memory/4908-78-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-79-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4908-81-0x00000000035B0000-0x00000000035B2000-memory.dmp

Filesize
8KB

Download
memory/4908-73-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-82-0x00000000036B0000-0x00000000038B0000-memory.dmp

Filesize
2.0MB

Download
memory/4908-83-0x0000000003630000-0x0000000003633000-memory.dmp

Filesize
12KB

Download
memory/4908-84-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-85-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/4908-86-0x0000000003620000-0x0000000003660000-memory.dmp

Filesize
256KB

Download
memory/4908-87-0x0000000003670000-0x00000000036B0000-memory.dmp

Filesize
256KB

Download
memory/4908-89-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4908-90-0x0000000003620000-0x0000000003622000-memory.dmp

Filesize
8KB

Download
memory/4908-91-0x00000000035B0000-0x00000000035B2000-memory.dmp

Filesize
8KB

Download
memory/4908-93-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-94-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-97-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/4908-95-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-98-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-102-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-100-0x00000000014D0000-0x0000000001995000-memory.dmp

Filesize
4.8MB

Download
memory/4908-105-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/4908-110-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-118-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/4908-115-0x00000000038D0000-0x00000000038D2000-memory.dmp

Filesize
8KB

Download
memory/4908-120-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/4908-127-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-124-0x0000000003620000-0x0000000003660000-memory.dmp

Filesize
256KB

Download
memory/4908-130-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-133-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-139-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/4908-136-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4908-143-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/4908-145-0x00000000035C0000-0x00000000035C2000-memory.dmp

Filesize
8KB

Download
memory/4908-150-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/4908-153-0x00000000038D0000-0x00000000038D2000-memory.dmp

Filesize
8KB

Download
memory/4908-156-0x0000000003620000-0x0000000003660000-memory.dmp

Filesize
256KB

Download
memory/4908-158-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-161-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/4908-164-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/4908-166-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4908-168-0x0000000003620000-0x0000000003660000-memory.dmp

Filesize
256KB

Download
memory/4908-170-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-174-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/4908-177-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4908-182-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download