Overview

overview

7

Static

static

3

LOADER.rar

windows10-2004-x64

3

LOADER/AlphaFS.dll

windows10-2004-x64

1

LOADER/Loader.exe

windows10-2004-x64

7

LOADER/libEGL.dll

windows10-2004-x64

1

LOADER/mod...47.dll

windows10-2004-x64

1

LOADER/swi...GL.dll

windows10-2004-x64

1

LOADER/swi...v2.dll

windows10-2004-x64

1

LOADER/vulkan-1.dll

windows10-2004-x64

1

Resubmissions

31-10-2023 11:21

231031-ngcwmsff6w 7

Analysis

  • max time kernel
    229s
  • max time network
    232s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-10-2023 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LOADER.rar

  • Size

    9.9MB

  • MD5

    53647cd383eccea76f4dc800fb51c722

  • SHA1

    3ae7d6f2401da7addfc11dc479dc412ed83bc8b5

  • SHA256

    9f874d738291a1eb1e519f68a999d0e6b59dc57acc57d652447fbb3f695a222a

  • SHA512

    7176fb1299f26300e352807ae9b578868b2637616c401f0fdc849c78d753c2784c81a38d855b8122d6290ee4b4f4ee8ae7945a787193a3149b48494cb92c36c2

  • SSDEEP

    196608:mzZzIuUK31VFpqi4q1t4R9Gsux765h9+eRXUfMHaGWsdgBbFMf3Nu:mzZzIuT3HFpj51o9nMuXTlBWBbFMf38

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\LOADER.rar
    1⤵
    • Modifies registry class
    PID:2660
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1692
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3248
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      4486395e25947f7d97608649c61e291c

      SHA1

      3c343c43681269c392477d79010521e3ce0d6b81

      SHA256

      b44b0e1cf29e780b9bb1c33bacc9db4806f12cc654bd4d0508e5719faef7e3bc

      SHA512

      738ea4af7537b74b125fc51081cee3596be3880590a9970f75449bb9f03f2d436726f133de99d20510ebfed93c25356c2272e357c739adf4901c49f32f2cf10a

      Download Submit

    • memory/4064-40-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-33-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-42-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-34-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-35-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-36-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-37-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-38-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-43-0x00000262AB4B0000-0x00000262AB4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-0-0x00000262A3170000-0x00000262A3180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4064-68-0x00000262AB700000-0x00000262AB701000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-32-0x00000262AB860000-0x00000262AB861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-39-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-44-0x00000262AB4A0000-0x00000262AB4A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-46-0x00000262AB4B0000-0x00000262AB4B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-49-0x00000262AB4A0000-0x00000262AB4A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-52-0x00000262AB3E0000-0x00000262AB3E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-16-0x00000262A3270000-0x00000262A3280000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4064-64-0x00000262AB5E0000-0x00000262AB5E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-66-0x00000262AB5F0000-0x00000262AB5F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-67-0x00000262AB5F0000-0x00000262AB5F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4064-41-0x00000262AB880000-0x00000262AB881000-memory.dmp

      Filesize

      4KB

      Download