privateloader | b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0 | Triage

Analysis

max time kernel
143s
max time network
130s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
04/05/2024, 14:48

Sharing

Report Analysis Logs

General

Target

avformat-59.dll
Size

14.8MB
MD5

73719d8f1cc65ebce26a5e2959b92bc4
SHA1

3b27af34a204c0feebe1ff217880ea90d6341584
SHA256

2072e00d0c821eff03b22cfafdc164404ec7a15c2cee28520184efe6fd97bee6
SHA512

2d19463188bd36cc7cfa1b18c3bb4e58642d14cab12cf8653730f93260a9c2e0e8101e768d30ca22ba26887d2abb11ea8f407203df50a4de754dc7f019b6c395
SSDEEP

196608:+EizaE5RwATgZaqd+KPRkbTNV/3Ew/1g3wg7T:+RRlY+GRkbTT3HgXT

Score

10^/10

privateloader loader

Malware Config

Signatures

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2864	2332	rundll32.exe	28
PID 2332 wrote to memory of 2864	2332	rundll32.exe	28
PID 2332 wrote to memory of 2864	2332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\avformat-59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2332 -s 248
  2⤵
  PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x000007FEF3C50000-0x000007FEF4C23000-memory.dmp

Filesize
15.8MB

Download
memory/2332-2-0x000007FEF5A00000-0x000007FEF5C03000-memory.dmp

Filesize
2.0MB

Download
memory/2332-3-0x000007FEF73F0000-0x000007FEF7498000-memory.dmp

Filesize
672KB

Download
memory/2332-1-0x000007FEEA730000-0x000007FEEF639000-memory.dmp

Filesize
79.0MB

Download