Analysis
max time kernel: 147s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/04/2024, 13:20
Static task: static1
Behavioral task: behavioral1
  Sample: Spoofer.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: Spoofer.exe
  Resource: win10v2004-20240226-en
General
Target: Spoofer.exe
Size: 2.1MB
MD5: 382d1136a20e58b8bbcc7fffe5ce8d2b
SHA1: 9779688fee4642fd0dde3d58f7d86dbeb8a4909e
SHA256: 27fa9de0fad33e7dbed3a1d5d1c50fe843574062a87b34fb3617be1c77ba1391
SHA512: eaf873631e4f9f43eb2912d5b86c5d317e7042233e68dfb9b9efcd85d95b80f3e996b84ae312bbdb33f5e7d18218a5531225ca72ded7388fbb8fbc4a636a1990
SSDEEP: 49152:QMdhRi0P2enkqXfd+/9ATrgBWBKH8jkDVFCNXODzWS9HfX0H:LdvtnkqXf0F9+KH4kpc+DX/0H
Malware Config
Signatures
Downloads MZ/PE file
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RebrandPanel = "C:\\ProgramData\\MonsterLoader\\DRae8u8OCyxP8i0tFpC8GxWBoKCzOSwi.exe"
  process: Spoofer.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid: 2332
  process: Spoofer.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2332, process: Spoofer.exe
  pid: 2332, process: Spoofer.exe
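The Run-key IoC above is the only persistence evidence on this page: a value under the sandbox user's HKCU Run key (the S-1-5-21-...-1000 SID is that user) pointing at an executable with a random-looking name under C:\ProgramData. The following Python is an added example, not part of the report or of any tool the page mentions. It applies the two heuristics that IoC suggests to Run entries: image path under a user-writable root (ProgramData or a user profile) and a long, high-entropy file name. On Windows it reads the live HKCU Run key via winreg; elsewhere it runs over a constructed sample set that contains the report's own entry plus two invented ones for contrast. The roots list, the 16-character length cut-off and the 4.0-bit entropy threshold are assumptions to tune, not values from the report.

```python
import math
import os
import re
import sys
from collections import Counter

# Constructed sample set: the first value is copied from the report's IoC,
# the other two are invented here (one benign, one merely suspicious).
SAMPLE_RUN_ENTRIES = {
    "RebrandPanel": r"C:\ProgramData\MonsterLoader\DRae8u8OCyxP8i0tFpC8GxWBoKCzOSwi.exe",
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Users\Admin\AppData\Roaming\svc\update.exe -q",
}

# Assumption: anything started from these roots is untrusted because any
# user process can write there; no admin rights or installer are needed.
USER_WRITABLE_ROOTS = (r"c:\programdata", r"c:\users")
MIN_RANDOM_NAME_LEN = 16   # assumption
ENTROPY_THRESHOLD = 4.0    # bits per character, assumption


def extract_image_path(value):
    """Return the executable path from a Run value, quoted or unquoted."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted: take everything up to the first ".exe" followed by a space or end.
    m = re.match(r"(.*?\.exe)(?:\s|$)", value, re.IGNORECASE)
    return m.group(1) if m else value.split(" ", 1)[0]


def shannon_entropy(s):
    """Shannon entropy in bits per character; 0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def assess_run_entry(name, value):
    """Return the list of reasons this Run entry resembles the report's IoC."""
    path = extract_image_path(value)
    stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
    reasons = []
    if path.lower().startswith(USER_WRITABLE_ROOTS):
        reasons.append("image in user-writable location")
    if len(stem) >= MIN_RANDOM_NAME_LEN and shannon_entropy(stem) > ENTROPY_THRESHOLD:
        reasons.append("random-looking image name")
    return reasons


def collect_run_entries():
    """Read HKCU\\...\\Run on Windows; elsewhere return the constructed sample set."""
    if sys.platform != "win32":
        return dict(SAMPLE_RUN_ENTRIES)
    import winreg
    entries = {}
    run_key = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, run_key) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once the values are exhausted
                break
            entries[name] = str(data)
            index += 1
    return entries


def triage(entries):
    """Map entry name -> reasons, keeping only entries that triggered a heuristic."""
    flagged = {}
    for name, value in entries.items():
        reasons = assess_run_entry(name, value)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(collect_run_entries()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The report's entry trips both heuristics; the constructed Updater entry trips only the location check, which is the expected result for legitimate per-user software as well, so location alone is a hunting lead rather than a verdict. The 64-bit sandbox also carries the HKLM Run key and the Wow6432Node variant; the report only shows the HKCU value, so the example only reads that key.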
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\RebrandPanel\Spoofer.exe_Url_rzimjvkqzs3p25w0ufvllpw5uauqzjcy\1.0.0.0\user.config
  Filesize: 815B
  MD5: 536a33ecf0fb78cfb1fcd47a4383f3be
  SHA1: fbeb0fd002dfb9275a7ca907469b5ba7ef49912a
  SHA256: 39de6fc661b8668d4a390e1b6cf7738aa1d92de643979faedda77f42233bd718
  SHA512: e755ee08a771748418054e6a879eedfa47998dba3a5fea86a20f44eb2d31ad43dc4649039d9fe5248c7b66f5f85e97fa7d0defd3de9691bdca9b4faecbda3f13
C:\Users\Admin\AppData\Local\RebrandPanel\Spoofer.exe_Url_rzimjvkqzs3p25w0ufvllpw5uauqzjcy\1.0.0.0\user.config
  Filesize: 816B
  MD5: 05c3e4429f24328a7f1d975027291a6f
  SHA1: e056876d6d73f20cd2c84bc34ed83f921a7da10a
  SHA256: f2075f63ad8eca2f767e295064d157d32c627267ad6cac1eb73992f9c6f09c88
  SHA512: e062658cff25d7a01b203f5ed60cf34fdd6f9fb7ab4189c046f0c6288e6951d0c680de77596e8bd86debf0738385a6f3438913bee861cd0e68f8c62b22ee497d
Both entries are the same path captured at two points in the run with different contents (815 B, then 816 B), so the sample rewrote its settings file at least once. The <AppName>_Url_<hash>\<version>\user.config layout under AppData\Local is the per-user settings store written by .NET application settings (System.Configuration), which is why the directory carries the Run-key value name RebrandPanel rather than the file name Spoofer.exe.