Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    28-01-2024 04:27

General

  • Target

    LordsMobileBot.exe

  • Size

    200.3MB

  • MD5

    800f8861421f562b2ec25ef99ea53d7c

  • SHA1

    c920b98212f27c4735dbeb1279791b490775a5d9

  • SHA256

    b380bc2b932a5ed4f1899cbdfae2e04e33ad401df9109ae45bbb95192316d35d

  • SHA512

    a93f6d78bb5afd127de46217cfc9a92dd2c6c0997ca4baf97cba7d4c4071c8a9069969c2b9c4ad69fa042864bf6343db6eb2a1096205abe3b05c2a3070a6467f

  • SSDEEP

    6291456:sk1WAOfraPInVSWAOfraPkWAOfraPZYWAOfraP5WAOfraPeWAOfraPgP:VdP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LordsMobileBot.exe
    "C:\Users\Admin\AppData\Local\Temp\LordsMobileBot.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Users\Admin\AppData\Local\Temp\Updater.exe
      "C:\Users\Admin\AppData\Local\Temp\Updater.exe" --no-diag
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:864

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DN40B6560D6598ABA0\HVMRun64.dll

    Filesize

    4.3MB

    MD5

    21184c4444b13c67546c7acf7f6ad8e3

    SHA1

    806fb111900a0ec8bee1f658c6828b9e005f1111

    SHA256

    14f61c269509eb27083883d5e8edcf9ed14f3b62cfbfb69f4f7434d64a7fa924

    SHA512

    9c55f71051f7c83d8644c7eaf500a5ea887aa75886480fcb607e3540f482afde0cc11396e3c2be936bd6418ce76a752132391c97b2620927a9a694eee99380eb

  • memory/864-15-0x00000000004D0000-0x000000000051A000-memory.dmp

    Filesize

    296KB

  • memory/864-16-0x0000000074630000-0x0000000074DE0000-memory.dmp

    Filesize

    7.7MB

  • memory/864-17-0x0000000005430000-0x00000000059D4000-memory.dmp

    Filesize

    5.6MB

  • memory/864-18-0x0000000004F20000-0x0000000004FB2000-memory.dmp

    Filesize

    584KB

  • memory/864-19-0x0000000005160000-0x0000000005170000-memory.dmp

    Filesize

    64KB

  • memory/864-20-0x00000000050B0000-0x00000000050BA000-memory.dmp

    Filesize

    40KB

  • memory/864-22-0x0000000074630000-0x0000000074DE0000-memory.dmp

    Filesize

    7.7MB

  • memory/3664-6-0x00007FFD75990000-0x00007FFD75E8E000-memory.dmp

    Filesize

    5.0MB

  • memory/3664-11-0x00007FFD764D0000-0x00007FFD76632000-memory.dmp

    Filesize

    1.4MB

  • memory/3664-23-0x00007FFD75990000-0x00007FFD75E8E000-memory.dmp

    Filesize

    5.0MB