Overview

overview

10

Static

static

3

PRODUCT_Pa...of.rar

windows7-x64

10

PRODUCT_Pa...of.rar

windows10-2004-x64

7

PRODUCT Pa...52.txt

windows7-x64

1

PRODUCT Pa...52.txt

windows10-2004-x64

1

PRODUCT Pa...NS.txt

windows7-x64

1

PRODUCT Pa...NS.txt

windows10-2004-x64

1

PRODUCT Pa...ER.exe

windows7-x64

5

PRODUCT Pa...ER.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14-02-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PRODUCT Panty Poof/SPOOFER LOADER.exe

  • Size

    895KB

  • MD5

    512a21a95db27f67bbf385b4b68f6aa8

  • SHA1

    c5ab6cced5b8f146f3a0296532e59d0c5a3ae0ea

  • SHA256

    ac6ee3886816b257e372a5b7b54ff006c2125f523b04e75d8c531b0a8c81c81d

  • SHA512

    f4b45aee392d373abd026462bafdad38a37300c8db52d707f572b3fff8ee8a140c6fe514fc55d5257e9d225d1e29b57adc55b9f5408743e25d620c32512e9c07

  • SSDEEP

    24576:mrovWp6faeGgjjsrdcAONdA22xVK8LRPo4WDD9/wr9WTEHd3:FvWECQn/m

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PRODUCT Panty Poof\SPOOFER LOADER.exe
    "C:\Users\Admin\AppData\Local\Temp\PRODUCT Panty Poof\SPOOFER LOADER.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color F1
      2⤵
        PID:3040
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:2972

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads