6a26709ffb1e62bcd27023a2b906e20ee20e1c4106cbea410a5d77acc5296b0c

Analysis

max time kernel
144s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
23/12/2023, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SLAYER Leecher v0.7.exe
Size

6.6MB
MD5

aa0b6211f5245f25392b74fdbab048eb
SHA1

05c37446aca08847a2688257d0fb138f560b4db2
SHA256

74cb827e0324e02bae1b2632b624ff84bd4bd54b796bb046fa27f557ca8f8674
SHA512

97e44da681f5b7db132cd37b1a6305f45d5ec546a23ae3f55f8a8cd214e5c76d22947d12a844767c88fc1844f297f7ce7a85569859286b3b5816144979d05176
SSDEEP

196608:D15/cj6W2xcU3DNGqNFlVMHa2X9FwKMhU+/Pr:S1tU3DNGIUa2NFYU+L

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1720	SLAYER Leecher v0.7.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe
1720	SLAYER Leecher v0.7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1720	SLAYER Leecher v0.7.exe

C:\Users\Admin\AppData\Local\Temp\SLAYER Leecher v0.7.exe
"C:\Users\Admin\AppData\Local\Temp\SLAYER Leecher v0.7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.4.59444.6\x64\ssapihook.dll

Filesize
67KB

MD5
4d9943a0adc1a3bd1472bdbab649a436

SHA1
f0f36e014a71e21e629cabaa835f39a4e775e092

SHA256
87dd71ac71bca50d9f1179215bbc4a25783c6a959def5c1850683eb41f6b0322

SHA512
21766452cd53a2344c321b042984a08bcb46dac5e2b06dcd25f1a740e4018cb0f90d39b95414febd76d4c1447efc0dcae6dfa1ee176fdfab654a4efd2e705492

Download Submit
memory/1720-17-0x00007FFA66340000-0x00007FFA66341000-memory.dmp

Filesize
4KB

Download
memory/1720-28-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download
memory/1720-3-0x000001C2F5C20000-0x000001C2F5C44000-memory.dmp

Filesize
144KB

Download
memory/1720-4-0x000001C2F5DB0000-0x000001C2F5EBE000-memory.dmp

Filesize
1.1MB

Download
memory/1720-5-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download
memory/1720-1-0x00007FFAC5730000-0x00007FFAC61F2000-memory.dmp

Filesize
10.8MB

Download
memory/1720-10-0x00007FFA662E0000-0x00007FFA662E1000-memory.dmp

Filesize
4KB

Download
memory/1720-11-0x00007FFA662F0000-0x00007FFA662F1000-memory.dmp

Filesize
4KB

Download
memory/1720-12-0x00007FFA64890000-0x00007FFA64891000-memory.dmp

Filesize
4KB

Download
memory/1720-13-0x00007FFA66300000-0x00007FFA66301000-memory.dmp

Filesize
4KB

Download
memory/1720-14-0x00007FFA66310000-0x00007FFA66311000-memory.dmp

Filesize
4KB

Download
memory/1720-18-0x00007FFA66350000-0x00007FFA66351000-memory.dmp

Filesize
4KB

Download
memory/1720-2-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download
memory/1720-16-0x00007FFA66330000-0x00007FFA66331000-memory.dmp

Filesize
4KB

Download
memory/1720-15-0x00007FFA66320000-0x00007FFA66321000-memory.dmp

Filesize
4KB

Download
memory/1720-19-0x00007FFA66360000-0x00007FFA66361000-memory.dmp

Filesize
4KB

Download
memory/1720-20-0x00007FFA66370000-0x00007FFA66371000-memory.dmp

Filesize
4KB

Download
memory/1720-21-0x00007FFA66380000-0x00007FFA66381000-memory.dmp

Filesize
4KB

Download
memory/1720-22-0x00007FFA61630000-0x00007FFA61631000-memory.dmp

Filesize
4KB

Download
memory/1720-23-0x00007FFA61670000-0x00007FFA61671000-memory.dmp

Filesize
4KB

Download
memory/1720-24-0x00007FFA61640000-0x00007FFA61641000-memory.dmp

Filesize
4KB

Download
memory/1720-25-0x00007FFA61680000-0x00007FFA61681000-memory.dmp

Filesize
4KB

Download
memory/1720-26-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download
memory/1720-27-0x00007FFAC5730000-0x00007FFAC61F2000-memory.dmp

Filesize
10.8MB

Download
memory/1720-0-0x000001C2DAEE0000-0x000001C2DB57C000-memory.dmp

Filesize
6.6MB

Download
memory/1720-29-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download
memory/1720-30-0x000001C2F5AE0000-0x000001C2F5AF0000-memory.dmp

Filesize
64KB

Download