Analysis
- Max time kernel: 117s
- Max time network: 124s
- Platform: windows7_x64
- Resource: win7-20231215-en
- Resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- Submitted: 27-12-2023 03:14
Static task: static1
Behavioral task: behavioral1
- Sample: 9ff69cfd1ba247337859693dc4f23908.exe
- Resource: win7-20231215-en
General
- Target: 9ff69cfd1ba247337859693dc4f23908.exe
- Size: 390KB
- MD5: 9ff69cfd1ba247337859693dc4f23908
- SHA1: d89eb9221a63e31ccfdf160271ba9d6c546678f0
- SHA256: aca5906ce824a479fd3899591055ce426b2c2000ccf4c4b2f7ee97c21a1edb53
- SHA512: e432d5a205563b230a55836f8b759aaa76f220b9334c48f6601b971ea4511424d34b24a607eff6067a7d1173bd956f642cf333246afd483fa3fd412dc4b61bfa
- SSDEEP: 6144:sOKO3Dtzcy6i85tGxD/kpkAh71jHaJEx/v9ha:RKO3Dtzi7hM8nm
Malware Config
Extracted
- Family: xloader
- Version: 2.3
- Campaign: b6a4
- C2 domains: (extracted list omitted)
Signatures
- Xloader payload (1 IoC)
  Resource: behavioral1/memory/2052-2-0x0000000000400000-0x0000000000428000-memory.dmp; YARA rule: xloader
- Suspicious use of SetThreadContext (1 IoC)
  PID 3056 (9ff69cfd1ba247337859693dc4f23908.exe) set thread context of PID 2052 (9ff69cfd1ba247337859693dc4f23908.exe)
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  PID 2052 (9ff69cfd1ba247337859693dc4f23908.exe)
- Suspicious behavior: MapViewOfSection (1 IoC)
  PID 3056 (9ff69cfd1ba247337859693dc4f23908.exe)
- Suspicious use of WriteProcessMemory (5 IoCs)
  PID 3056 (9ff69cfd1ba247337859693dc4f23908.exe) wrote to memory of PID 2052 (9ff69cfd1ba247337859693dc4f23908.exe), 5 identical events
Processes
1. C:\Users\Admin\AppData\Local\Temp\9ff69cfd1ba247337859693dc4f23908.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9ff69cfd1ba247337859693dc4f23908.exe"
   - Suspicious use of SetThreadContext
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. (child) C:\Users\Admin\AppData\Local\Temp\9ff69cfd1ba247337859693dc4f23908.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\9ff69cfd1ba247337859693dc4f23908.exe"
      - Suspicious behavior: EnumeratesProcesses
Downloads
- memory/2052-2-0x0000000000400000-0x0000000000428000-memory.dmp (filesize: 160KB)
- memory/2052-4-0x00000000008B0000-0x0000000000BB3000-memory.dmp (filesize: 3.0MB)
- memory/3056-0-0x0000000000400000-0x000000000042E000-memory.dmp (filesize: 184KB)
- memory/3056-1-0x0000000000230000-0x0000000000232000-memory.dmp (filesize: 8KB)