e4e930b31557e201555ad308d24abb1778227b90b6f90fe45b8f193d76d82422

Analysis

max time kernel
15s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 18:24

Target

Loader.exe
Size

7.3MB
MD5

9454f0102e28c8ba0152c59ac1aa35ea
SHA1

5e9e720b018a6515fd021871c16aec82f0607787
SHA256

e4e930b31557e201555ad308d24abb1778227b90b6f90fe45b8f193d76d82422
SHA512

7f33a5f4f630d964cdadf114b8f08d5d030613b950717b416cd4bffee62638f11b613e52872c5913ace77568d99e3deb3f936ff54b26659e30cf441f3f46db8d
SSDEEP

196608:sXm0LbwdcJ6GSEC7wuMMgGJYR5Gj9ZgANoEs3+c:4LLb31C7wMwGj9ZgANiuc

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2296	Loader.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2296	Loader.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\shell\open\command	Loader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Loader.exe\" \"%1\""	Loader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS	Loader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\ = "URL:GoS Protocol"	Loader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\URL Protocol	Loader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\shell	Loader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoS\shell\open	Loader.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2296	Loader.exe
2296	Loader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	Loader.exe

Suspicious use of SetWindowsHookEx 4 IoCs

C:\Users\Admin\AppData\Local\Temp\IndyHelper.dll

Filesize
210KB

MD5
fbbb517ba9df09780608d44040ba68d8

SHA1
8f05d3b9a5f4c93bee394aa758a70eb35b5c8b6d

SHA256
95405ea96ddcdb9479c2ea6e07e64aed9077c3dbdd296ef8fb59ca1539697a22

SHA512
7a1ea0327a6967c2d6d0037624f31107060e14f1c43ab4abbc477b8834db9787473ce5be814f3439189481ee62f3fe857d25a649661d05d8472d30822163c427

Download Submit
memory/2296-0-0x0000000000400000-0x0000000001312000-memory.dmp

Filesize
15.1MB

Download
memory/2296-1-0x0000000001590000-0x0000000001591000-memory.dmp

Filesize
4KB

Download
memory/2296-2-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2296-5-0x0000000000400000-0x0000000001312000-memory.dmp

Filesize
15.1MB

Download
memory/2296-6-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2296-14-0x00000000038E0000-0x00000000038E1000-memory.dmp

Filesize
4KB

Download
memory/2296-15-0x0000000000400000-0x0000000001312000-memory.dmp

Filesize
15.1MB

Download