Overview
3 LOIC_2.9.9.99.zip (windows7-x64)
1 LOIC_2.9.9.99.zip (windows10-2004-x64)
1 LOIC.exe (windows7-x64)
1 LOIC.exe (windows10-2004-x64)
1 LOIC.exe.sig (windows7-x64)
3 LOIC.exe.sig (windows10-2004-x64)
3 LOIC.pdb (windows7-x64)
3 LOIC.pdb (windows10-2004-x64)
3 LOIC.pdb.sig (windows7-x64)
3 LOIC.pdb.sig (windows10-2004-x64)
Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 22-09-2023 04:36
Static task: static1
Behavioral task behavioral1: Sample LOIC_2.9.9.99.zip, Resource win7-20230831-en
Behavioral task behavioral2: Sample LOIC_2.9.9.99.zip, Resource win10v2004-20230915-en
Behavioral task behavioral3: Sample LOIC.exe, Resource win7-20230831-en
Behavioral task behavioral4: Sample LOIC.exe, Resource win10v2004-20230915-en
Behavioral task behavioral5: Sample LOIC.exe.sig, Resource win7-20230831-en
Behavioral task behavioral6: Sample LOIC.exe.sig, Resource win10v2004-20230915-en
Behavioral task behavioral7: Sample LOIC.pdb, Resource win7-20230831-en
Behavioral task behavioral8: Sample LOIC.pdb, Resource win10v2004-20230915-en
Behavioral task behavioral9: Sample LOIC.pdb.sig, Resource win7-20230831-en
Behavioral task behavioral10: Sample LOIC.pdb.sig, Resource win10v2004-20230915-en
General
Target: LOIC.exe.sig
Size: 1KB
MD5: cb3164c67b6506ed10149b8eec742c87
SHA1: 08ed6aa0be2b51a65cc65c2072801aa3c00407ef
SHA256: 63c526882f22a6451ed11481938c54215e786ec7731e370b79f4f137da683c98
SHA512: 4eb46b90b5a71d2856703eb39908b8adf749b3cc4530592396e0b56788133b3c2584c810893011f2a6343b46542961c8e313cda22b0b3df2301777e6c06ea6ad
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (9 IoCs)
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file\ | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\.sig | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file\shell\Read | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file\shell | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file\shell\Read\command | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_Classes\Local Settings | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\sig_auto_file | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\.sig\ = "sig_auto_file" | rundll32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | process
2724 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid | process
2724 | AcroRd32.exe
2724 | AcroRd32.exe
2724 | AcroRd32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | process | procid_target
PID 2204 wrote to memory of 3024 | 2204 | cmd.exe | 29
PID 2204 wrote to memory of 3024 | 2204 | cmd.exe | 29
PID 2204 wrote to memory of 3024 | 2204 | cmd.exe | 29
PID 3024 wrote to memory of 2724 | 3024 | rundll32.exe | 30
PID 3024 wrote to memory of 2724 | 3024 | rundll32.exe | 30
PID 3024 wrote to memory of 2724 | 3024 | rundll32.exe | 30
PID 3024 wrote to memory of 2724 | 3024 | rundll32.exe | 30
Processes

1. C:\Windows\system32\cmd.exe (PID 2204)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\LOIC.exe.sig
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe (PID 3024)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\LOIC.exe.sig
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      3. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2724)
         Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\LOIC.exe.sig"
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 6965701cccbd0640b4f402c716d4f390
SHA1: ae76636966d4f4596d6401abe4b8b535157a07ce
SHA256: 59061301b6bfa8ecf9275c33ab6b12b069785d386db60629d7a35260f971bd57
SHA512: 7fabc951731389214545fff3281870c4036c1e82b085c3357e8f2ea5b83a128b851895c30e95459c0aaa8ef54d5efcf8f84f0c43197d7c05ff4bd4d7d77963ec