b77e06dc08e2cbd42de7f614e6520e90f47e247fb3e4669b3381bf3191f3c1a7 | Triage

Resubmissions

22/02/2024, 22:13 UTC

240222-15g7gsfg2v 3

22/02/2024, 22:12 UTC

240222-14sxlagb73 3

Analysis

max time kernel
150s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
22/02/2024, 22:13 UTC

Sharing

Report Analysis Logs

General

Target

Loader.exe
Size

42KB
MD5

6ba02ef0dc7a955e7a3bba8459151809
SHA1

67ac7f8a1e0dd1a176468c3adab87e605a328ddb
SHA256

7e67c9b1e4bbe8d7ece19b0e4a7a626ad95b21903ee8682027444f12b6cd2067
SHA512

9935e203875d4c9fee32a0a631bb07bde39ac8e3814efe82c10c755b8461fcf67d98fb6094729ec1857afb81946f9e6d8f0817347a398dad2414caa549e88cec
SSDEEP

768:Kv5Xy+Vn+/hEHb1/zE5/Jb6v6p8HBEbtETHvUkM:Gy+R+eHypCmbqr8F

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe
2912	Loader.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2912

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s fdPHost
1⤵
PID:1404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4700

Network

DNS

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

Remote address:

8.8.8.8:53

Request

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

IN PTR

Response
DNS

18.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.173.189.20.in-addr.arpa

IN PTR

Response

No results found

239.255.255.250:3702

fdPHost

2.6kB
4
239.255.255.250:3702

fdPHost
8.8.8.8:53

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

dns

118 B
182 B
1
1

DNS Request

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
8.8.8.8:53

18.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

18.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads