Overview

overview

6

Static

static

3

Loader.exe

windows10-2004-x64

6

Loader.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    46s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader.exe

  • Size

    34.8MB

  • MD5

    0e2fbb8ab3ebfb498c8e54990f362d47

  • SHA1

    a10dbcefd278892ab7dec3849db4fcf86e1fcea8

  • SHA256

    f122415acf09511fda3d52e1bed4ad68e43c20ec1c57960f15d5a0aa97f256fa

  • SHA512

    4642d43fb33110343b8d6727c5a92d05d2f3a6dd1754081b215ba8f0ed68d376082aa9ad1cdfa9e4f9dc1b2ee5b63ad41dcbcb5328514b5adc6df4886b25db58

  • SSDEEP

    49152:lVlZYUePctNXxBtO7oDJNXWxKPRzWVRIf/:lVl5k6NXxBnWxQRzWVR

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4852-0-0x00007FF9C6700000-0x00007FF9C71C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4852-1-0x00000212A8800000-0x00000212AAAD4000-memory.dmp

    Filesize

    34.8MB

    Download

  • memory/4852-2-0x00000212C5070000-0x00000212C5080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4852-4-0x00007FF9C6700000-0x00007FF9C71C1000-memory.dmp

    Filesize

    10.8MB

    Download