Overview

overview

7

Static

static

3

Loader.exe

windows7-x64

7

Loader.exe

windows10-2004-x64

7

Loader.pyc

windows7-x64

3

Loader.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    17-02-2024 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader.exe

  • Size

    37.3MB

  • MD5

    8cd0d008be24ccab19c5cd9892640ad7

  • SHA1

    a7574dc239c8ed4267f8c0291d261c05b7317340

  • SHA256

    37a5aed8e8c4d56a9bffed1975aabde0f7042cbc5ee3ec466eff3644847d2de2

  • SHA512

    82253aaf7ac1a1814893b28338bd2ed0c59db77d679c010c05c98af2efb9ba6f01c14adf5f93f77116d4f1540a82ebc5b5e266b90e77d28dd7623d92b0043250

  • SSDEEP

    196608:hrKcMmWih8FwjTqopVmD0LYeNYiFJMIDJRZgsAGKlR2ftk2cbN2wFLcbVM3:FKc9WLFx4w0LXpFqyLgsSmxcbQccx

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\Loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
      2⤵
      • Loads dropped DLL
      PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20282\python310.dll
    Filesize

    118KB

    MD5

    999d998ee66d5c1107518a553b3c4295

    SHA1

    280558150156b4d93b69ebb1038d1f26037d4ef4

    SHA256

    788b8f0d6ca2a69fba94d4756ebcf34e542d49c12ba34b2c6d9db6581606ae65

    SHA512

    9be36e1959f83b67f8fe953bc7a48b50129e0680297c948a2c1a7ccd091835ac6a7532a846069bdde14a47941c50a5add1f327f9e3260ae5ad6de8786c5cae5d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI20282\python310.dll
    Filesize

    1.4MB

    MD5

    bbcb74867bd3f8a691b1f0a394336908

    SHA1

    aea4b231b9f09bedcd5ce02e1962911edd4b35ad

    SHA256

    800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41

    SHA512

    00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481

    Download Submit

  • memory/2316-90-0x000007FEF60F0000-0x000007FEF655E000-memory.dmp

    Filesize

    4.4MB

    Download