Overview

overview

9

Static

static

7

Loader/Per...er.bat

windows10-1703-x64

1

Loader/Per...er.bat

windows10-2004-x64

1

Loader/Render.exe

windows10-1703-x64

9

Loader/Render.exe

windows10-2004-x64

9

Loader/app..._2.exe

windows10-1703-x64

9

Loader/app..._2.exe

windows10-2004-x64

9

Loader/checker.exe

windows10-1703-x64

1

Loader/checker.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    128s
  • max time network
    130s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/03/2024, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader/checker.exe

  • Size

    89KB

  • MD5

    818d090723ae48a45926a1ce0d6908d4

  • SHA1

    e8db4f88fd48e65b600384cc1f35fbb159d0e365

  • SHA256

    97b2611530393fda8377b0bac136c8960afea7fccba321faecb5927c3c971321

  • SHA512

    14a97597f51ef967fc2ea453ec86719ea733a698d08e1b4a71edfcce86cc51dca0c090d68a1fe750dd699481dae82e29690119670d39c253776e7c79cf2dfb89

  • SSDEEP

    1536:b7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfgwD:37DhdC6kzWypvaQ0FxyNTBfgm

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader\checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader\checker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\System32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\72AF.tmp\72B0.tmp\72B1.bat C:\Users\Admin\AppData\Local\Temp\Loader\checker.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic diskdrive get model, serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:5044
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic cpu get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2384
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic bios get serialnumber
        3⤵
          PID:1948
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic baseboard get serialnumber
          3⤵
            PID:868
          • C:\Windows\System32\Wbem\WMIC.exe
            wmic path win32_computersystemproduct get uuid
            3⤵
              PID:4772
            • C:\Windows\system32\getmac.exe
              getmac
              3⤵
                PID:4400

          Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\72AF.tmp\72B0.tmp\72B1.bat
                  Filesize

                  464B

                  MD5

                  d6f1601b51ec89079d3578de0140697b

                  SHA1

                  94c4f537ec4bb9bef34cc9ecf1dadefba7a2a293

                  SHA256

                  0a878891fb1dfb50ca41f954121e8b9540ff78b42abb9d7fe492cbdf675fe551

                  SHA512

                  4f6831c48357a4a4b1c15692387f2121f3e5bf86a793fdbfd8881e17a0e92573bd8257ef385b503799a0222674ce378d7e272dcd2c9b6ffd60e56d1cdb1eb0f9

                  Download Submit