c9c660914e4d58a6e0dd460afae6e4af288c9f191ad8592dc95db5a69868fc70

max time kernel
316s
max time network
386s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11-05-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loader.exe
Size

347KB
MD5

1cb742cb95699d994e1cc6810c6f7642
SHA1

103ea603322859742a3e51c5e517a927b9dcd40c
SHA256

c9c660914e4d58a6e0dd460afae6e4af288c9f191ad8592dc95db5a69868fc70
SHA512

79f9a70232b3470ef9386d9b3d987b5370d0562959315d8239509000a1aa9274b13cecc4c6c871cd4d258a0cd19d30574e3280edd54fb108b6ffca7d8c7e4795
SSDEEP

6144:RrwFDD0tZzmf7GxMLEYaEzE2d9JK5/J1pZKM35QM6KkfiruhbOuzB:Rg07e7seE2dK71rKu5Q6kfirIbOuF

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Loader.exe

description	pid	Process
Token: SeDebugPrivilege	4588	Loader.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\CompareBlock.mpeg

Filesize
316KB

MD5
0c017a18860771b2cb79a5e94a20f039

SHA1
feaafc65fac22e00277a63420422a861898dc877

SHA256
568d546eab16c47ae54bbda462e0921e379664a5e47546693455995dc0eb126c

SHA512
45908d75e14a9b6db81af1f4f7f90d5c2a3f53a47be6d2919e111c3827d3d0d2bb16fd5c264be635a941b4e30047eb95df8168173973f7cd19bafa5ad6a2cc13

Download Submit
C:\Users\Admin\AppData\Roaming\CompressWatch.css

Filesize
209KB

MD5
32e25db28dd57e9555c2ae91ee1b67f0

SHA1
c0e86f388f2230490849efd410a5d3f490ec62dd

SHA256
fa688b3aa9e1bdb96e5c434b665f6e76f0608845e255fa7db5df01d5422b7c0b

SHA512
480335b08f3fa39f88f61e4c9a3131ba429d94e359d6f36e13957c1b8d733555286f5f631c89677119c6c6b41344eaa576ab3efcf31f4b80e3d9d4b3cdbd3d97

Download Submit
C:\Users\Admin\AppData\Roaming\ConfirmApprove.sql

Filesize
366KB

MD5
1b493ea4a3c2d18576494ce5c7fbed7c

SHA1
e2f12b09bdd26b0bc7edf3274413927633db4e91

SHA256
7c78fb75c58f918be01d6bb27fe13096e822efd6c2217472c9471672c1ab66ae

SHA512
0c47e023779d5cbe7eed07ac97b6e725506b0218a4f2f38e84b9b4d9e7e6e82379b491f70a138167b28bf307bf2d18c257da4d4506db2988f9db7f5b138e43e6

Download Submit
C:\Users\Admin\AppData\Roaming\ConvertClose.rtf

Filesize
275KB

MD5
316d92a852a9a159060f2da51cd10f2a

SHA1
895936f5a3657aec86b45bd6dfe73a1e00b0b762

SHA256
79dd97a18aa12a34daf75ce02135be38627b1d1a367e9b10bc72cebef93f43d4

SHA512
ada6950642d8de504b23c267a9c99de1682cc9dd6e9b7fe359101490b8d9435d7d8f2d5d5e1ef14fc42844a40ce8aeacf37ca1a85369f53c0b900afdbee0c38d

Download Submit
C:\Users\Admin\AppData\Roaming\ConvertFromApprove.potm

Filesize
341KB

MD5
4514e6756c1aa7f73ddcc30a086fb066

SHA1
33793ff8bb64bb290ec198e3dfc42c1fd5a11271

SHA256
a348802d38bf0c154fa1279fba466577d9211d4c4140cc3b5aa1f5236491c7a7

SHA512
262f6b701073afc0fe869723d1236a497b537d9238bdda042078080863cd6ae6233ad6cdc9c928d7ef28d1e4cff6246a71a6c363112be3396662117b48c22ac3

Download Submit
C:\Users\Admin\AppData\Roaming\DebugHide.asp

Filesize
324KB

MD5
6e13fdb2a091dd3bde1933230f132f37

SHA1
c2f102f792564b5b0cec1d1c575ca9fa3d4da7b2

SHA256
35945205d6189a5dcfa339252f0a7d93eca89a49b9afe0477711872c3aa53a6c

SHA512
939695397f79dbc9fd721c897ed56ad45e5c3c03ad8f7ed90e1b7985c5c7c5b0ae9ea65445cb6405bc2c03a061d32e450cf0d72882224c96db9363ce2c86c1aa

Download Submit
C:\Users\Admin\AppData\Roaming\DenyConfirm.wma

Filesize
193KB

MD5
cb5a9888c2c5ac0a759d19996d4a9cc5

SHA1
f9f456f9cfef5de72ac183221f83d1e5089f199a

SHA256
c68fb0d5fff070234918800459d40820abc52ca435ec704e0524a0612d45cd63

SHA512
2673aa1e6c6d91a126dbb16e3deba5929701e0fca0669bc4dea1666f659c0eced715addeda5e0033a6ed1d6807b5ae5585723ac1eeae846e9e7faa84bcdf519d

Download Submit
C:\Users\Admin\AppData\Roaming\DisconnectStep.aiff

Filesize
168KB

MD5
970bce9c2ebb537acbb34347de121235

SHA1
92103f3cac97dd366f12eda087d7784b9b18f93f

SHA256
3a23d13441b23a4e9059f7f7354c7da3c952eb6e8e4b343f9f47f07d35f35e02

SHA512
7cd2572c35bb54d119324e9044ac4e73300ccc7574a98ceeebe049f9992e135de0953f5676879716cfc972d7eadc24fe203af0a7b7afccf0087efd07d6545eea

Download Submit
C:\Users\Admin\AppData\Roaming\ExpandConvertTo.mp4

Filesize
349KB

MD5
28f2f42384268bdbe330310a7ece609d

SHA1
d1f00dd58b1c80095b227afa67586c4b05757beb

SHA256
dc911adac315b8b4a5ca9fc3ed40963c2fc2c3c0f9fbbdf8534e4b1a2ef9c781

SHA512
dbe00415ae353640b86042dcfe6cc67988a8c1959e1542674530ff8b39004edd20dac9c5bee4ee554c51147ac7a3685d5b35970ded2faaca3040c2b1edb84c7b

Download Submit
C:\Users\Admin\AppData\Roaming\MeasureClose.tiff

Filesize
399KB

MD5
9139b4a2d90616cdc8e62d7a48be4e87

SHA1
f1fa33fc6aa06b3bbf3501e41294357bdca66ca0

SHA256
4408976732762814fd5fbf31fe7af61a63e02fa7fd6c7dd24369b99b48ae72a1

SHA512
311b9aa4520fa0017c649324684947854da6bae7396e967a244fbd3b702787d67e64fa52b21a539bb0e1f68aefcdb78726049778917ce32785bb4c380d3a6487

Download Submit
C:\Users\Admin\AppData\Roaming\MeasureWrite.cmd

Filesize
423KB

MD5
e006a5b9bb4c84792e158a12cdb2f17e

SHA1
3d46ad5e3d3ab7b4e8d8d01f6f2e4c81a81a4811

SHA256
b11a86ff66a11bd984c383f847bba1bfc47e75421468660c58342cbb997a1dda

SHA512
60f0e8e0a3954fc6d8902199858a369c1ba81d38dc43d825bb23a291c33f4bb2a5c2d95313fd34579e63775146a2c007c3e25ff1fdb6b1dbe155a1fbb99f8393

Download Submit
C:\Users\Admin\AppData\Roaming\NewExpand.mp3

Filesize
333KB

MD5
6118551993ade39cdcfd14822f70aebb

SHA1
bd7f5add272d08df137c663c3a387f604906a274

SHA256
e1b956b4d00e2380ab6e3f31b75c1baed2fbd20cebb7f281ac24d443e0c4b567

SHA512
961ddf5a94238c5d569a1fcada14e81a17ca5f669a8cc7f8f419ce4ed3fd97b29044b007de2d54b7f7fd4bdfdfbd15a274603bbcb91705f89b790b4731b8fc75

Download Submit
C:\Users\Admin\AppData\Roaming\PingUninstall.cab

Filesize
152KB

MD5
f79d99410b7cf63a0534efac12d7f315

SHA1
6f335d0f0e957f8c377e48367ba4f8217b53b1f8

SHA256
5a703d8c683908bc772269eb05ce1b2b8fefc5c6a618c8535e1d0ca3a0bf198b

SHA512
d5c3670ca16f028da404ca377bf10ee73abf0018d9e6b867a60337134c97a1808aeb6e7659fa654f77b4b426ad4c5b036c1ceaab3be185943450646796d388b9

Download Submit
C:\Users\Admin\AppData\Roaming\PopConnect.svg

Filesize
226KB

MD5
dcb290d997e1c6a08288c979545bfc87

SHA1
2cea54e7833835332b585e7b4283274ae4619e4d

SHA256
3708e357a96a78fffb961673463cc2fc067d292a8a573b8d8f535df3403c42b6

SHA512
6f0a9b92c4a03a766e722b93c0f5314f84c6b7250e127f5c692cdcb885a8a46ba770e4f768c7c29bf42baa046f80f203ea8f1f15c07e91732bb0021e592916ab

Download Submit
C:\Users\Admin\AppData\Roaming\PopWatch.html

Filesize
382KB

MD5
7063037560969c858a0b1f399abea925

SHA1
e6a28e2acc6877ab08d3ae91f7bc7c1ec7f9033d

SHA256
6f53c8fd4341cb30b8b8ddafa1e8833a5c081fb5806b0e71e2d5b7af31982996

SHA512
4b4f77c7d4367e58f4b91476b7e83704e7df8fa294c03ece0e63bf007fe79e7e627c11769acb61cde6c85519937660c7133646e7b40eef7e6fb7047095d3cccd

Download Submit
C:\Users\Admin\AppData\Roaming\PublishDeny.reg

Filesize
242KB

MD5
69ce96e9d269f537b3aa25dbc96cd5ec

SHA1
f8c94d589d9045107dc61ab4bf31419b7d79c19a

SHA256
2ef4a83289e498ce6ab6802937d049892e8dba20ce480d9106c1b094534534c4

SHA512
47643b918a5b881b23ed93267522f78e6f8f30a005360ee272a2fb8479c637c321da551a0c1f532be763c8edad65bcb66a12a4d960ed333358c789884fe21b3c

Download Submit
C:\Users\Admin\AppData\Roaming\ReceiveBackup.wvx

Filesize
201KB

MD5
baf6d8bfbbb63c0351170b524212545f

SHA1
76c5ff50e09219ba89e8f603edbf0367dad350ba

SHA256
95180730a727f1c1c037b81347885b7397bdb8bb12261b7ed7ae7b5cf38e2776

SHA512
528584f39451d9e6e63fd11cd2090e531d6907186bab4f5c3475a646008b42843b7013167d723124bde101db6c86e19141cf55f67380278682c06fac4f9a1c3e

Download Submit
C:\Users\Admin\AppData\Roaming\ReceiveLimit.xml

Filesize
415KB

MD5
1d429e1d3a0354efcde9edc9232a857f

SHA1
20b20fbc7dc42188fb3cdfd36715e346e85e716d

SHA256
84da4b43369ad094cc36687907a810067ddff7cf2e13dab8eaad34487cbc7d0d

SHA512
671b783d9531e840f49408347415c81f133d0f7c095a078261b986f136c8bbb6afb89c4cdeb3e8b498c4de8f66765253ed5dfaaae64698cda573ab8a52118fc1

Download Submit
C:\Users\Admin\AppData\Roaming\RegisterPing.xml

Filesize
431KB

MD5
27e004cef7ae3a766a967bc6ed81c66f

SHA1
6d94a25ac875a71db9cd05e47510eacdfa78024a

SHA256
566749efb6e0041822ee5fabd9d9dd8427e0dfedd08602fa0317262c3e0f5acb

SHA512
1fba9ab0c312999ecfe513204ebe71c5e19d31bdd076f780ea26fcac270a47f92eb76573d6bcd4f997ef3ead10ed49540527eb817685311c06453bc2e9753a93

Download Submit
C:\Users\Admin\AppData\Roaming\RequestUpdate.jtx

Filesize
292KB

MD5
f021abf8d0692c169e9b9221ce9da3bc

SHA1
6c817f03898b45c3a485c9be0a581c77e7677f73

SHA256
1e978a21d35f7bb1808efef7f2dacddcee97f59d1e2fa020c104c67f60e5f301

SHA512
879bfe44c62793cb8ba8c35a926b6016f0d5430c20314d657ac0d08443a29b173870925c2dd105ea3622eab467940e497d937945a6477b8b6b630d7d8a061186

Download Submit
C:\Users\Admin\AppData\Roaming\RestartTest.emf

Filesize
267KB

MD5
679a42850fe3dde8cf707e113a97d047

SHA1
1e5d645c2468770656508bcbaa5b974d8c712fc0

SHA256
91220b128ca4cf910c16f6653b567e0ee1fad007ac3181e81fbf0563365ab4c4

SHA512
dea6fcc8a1b2ff50267b2c7dd5856ff32448867e7b9e3e6d4ac97426025db97074457d1e3f740d4b10da61beaba07ab17cf543c8ce6bb378f61f814f52960d9e

Download Submit
C:\Users\Admin\AppData\Roaming\RestorePublish.vsdm

Filesize
160KB

MD5
841cb70459e1946c4f7423b75a606360

SHA1
986c8301426a40bb99f40a77e127a77d8f230e97

SHA256
3b6ed55bd593ccfdeab65f865acc5d8bd4a64683d455250809f6135b7af15ffa

SHA512
973a78f27f7be0656a987f493f934c93ca1c3971945ed3cf8569bbca5a1c0b48f724def9f0be50f15e075d9d3d73022e44cb48d6af092db79d1085ef8616faec

Download Submit
C:\Users\Admin\AppData\Roaming\SelectExpand.mp4

Filesize
300KB

MD5
0e46a0e2216bd7a23ac16cff96cb770e

SHA1
be035931f16117bd871e7cf21fc0271814b25c1d

SHA256
8982a821528f69bf55ca0b19f4141e30163ddae19acdcfed6743c7a6330851cd

SHA512
fd0ce15cb00f8f7937fcf587ec7ad1b28d38bb1f4701e3b0720ce9b1870f34209557e27dc1113dee2a91751474e08bf02b4deb3045775ee0d5151407237562f0

Download Submit
C:\Users\Admin\AppData\Roaming\SendClose.m3u

Filesize
357KB

MD5
ef5da79891527340ac7c4b6ed66ebf80

SHA1
607ccfc1647dcbf771aa59001461e9e142328bb7

SHA256
7f03e1acee457b7f02e9d4e674ee43f03d9e3cf326ad142f3da8fbd28d2744fc

SHA512
649a9225e2b4205bae061a6cac709bced030d2b2fdb6ea19cd2e639b56f4c5a359a6f3f480c558aae75b8686954f6d59ed4b96e601450ee6409b4aaefbdd9a25

Download Submit
C:\Users\Admin\AppData\Roaming\SendRevoke.js

Filesize
234KB

MD5
4f89ac0e3404b2c9879517dbe9883dfa

SHA1
d0e585e9d44889b34ceb9f743e9ca92a4752ef61

SHA256
34666bc5562a93abc5cb83bb811478e7f5942141f8cd3876e942e508a6d61aef

SHA512
cf36f7f1e86f90b362d0435d04b9536c52ea0ccea0a23b0b6aecc368f798875bc7b49cc3f258d1d80774d57be2ccd0f2f5fb4dc23d5228c99f3428df2c2a4ae9

Download Submit
C:\Users\Admin\AppData\Roaming\SplitDismount.aif

Filesize
250KB

MD5
a3558cd4f7eb655fe2b40f3d27233899

SHA1
f9e57cbd519e0224d136b2f0689756872774872f

SHA256
556d43b78c66874511f37eb31b13646448e6fa17a783b973127bdd5e48e59660

SHA512
43def6db775d2dffbcdf1be4fe1054c91386d1401358dd3d37ffc1f329ecc976166ceeb149d196bde4f54fec512c5e246dcc48cea392ed591ed8f2f90caae2ab

Download Submit
C:\Users\Admin\AppData\Roaming\SplitPublish.ttf

Filesize
440KB

MD5
c56b906a38a5767c99eb8de50ede77f4

SHA1
8ff9565be30e852d34949e5c48c95af4512ca4e0

SHA256
b8c08483ee278f5a74d8638d3a353609b9d5083195cabe46eafb29db969fa74f

SHA512
f720787698ccc675a319f0d7c8fa052c90075e5548b95db6dc2810067f6db200b4a06e356388d427d18ce22ea2d0dd2a7044f55b93b286604728c01a3b26ac19

Download Submit
C:\Users\Admin\AppData\Roaming\SplitRead.hta

Filesize
283KB

MD5
140fb4bc489fc544da89e41d31b966be

SHA1
46e569d7425181e7cd41afdb645febd756dfe5ab

SHA256
b8ffee9162eb8b975526520a338df4cc7879535766319a7a79cc22a6224cb093

SHA512
f1943deef7a3d533f0005a5b760d34fcf188b5649f3a7394a56cf708a49282b96b3e04063d2c837cf62125d28ad15b91855a5feaba626f773ca1f6ebc105a95b

Download Submit
C:\Users\Admin\AppData\Roaming\SplitStep.xlsm

Filesize
390KB

MD5
027dceb35b9deb2fad5493162ed4e614

SHA1
ae9215c011ed9e45461323f351db80a4d426d699

SHA256
7ca379b89a27ba3687b94ca4bc2ce41b6bc677c9ba934d14fdd62c28a8fc0ea4

SHA512
07cdb7a5b718aad8234764b72be60346ef9a64b7a05b172ac65a991de7c4d49a5f3fa2e959ea7433a5bc45f67e11616c88db19674bbd3acfc1995eac36752819

Download Submit
C:\Users\Admin\AppData\Roaming\StopConnect.avi

Filesize
374KB

MD5
788b0d3a20bdd3cbb0bba705e1fa2f2a

SHA1
3590e55d4d7bb8b91d52f2e5122e5420b4a14201

SHA256
257ac8b2b26fbc6c7c56e4860940101e76f10a65011ec3c36ff4670bc79733db

SHA512
87958b318ab40e283eb5eaf2594ef6d3b5e389cad046ad385982ed785a4bac238e32264160f5a5a7ad458c9aa0bdb03a4e2431f054591ae30bd5b20000e50034

Download Submit
C:\Users\Admin\AppData\Roaming\SwitchBackup.mpg

Filesize
601KB

MD5
d65d7b93715474ad02ed5db3b0423a0d

SHA1
ecc83b40a9b5ff3da9387fab6c89f290dd5ec61f

SHA256
30d49b942cbde3db1cac03676ec9150c8b167e420399a03e604d2fda0ad1684e

SHA512
8a940d3704025afc2e39ea50a798762f05b115b56201a41d06eb2c5f1ff550cf014a106c2c6cca02dc1368aa8cb46035a8da10e82dc0f829e9880c501b878542

Download Submit
C:\Users\Admin\AppData\Roaming\TestEnter.wpl

Filesize
407KB

MD5
e4d104b3356c05240c7cc478a2bb491d

SHA1
1f4f3ceccdb28f2e38d6465020cf020d112f84da

SHA256
5ec4332c427ba1569cb786eb0c60891110ff472c5ae40739f271fd794884da91

SHA512
0679dcc921935453b7e09818fc96f0034841e946e2275153ea050dc248526a6f4f55f5cd6ad23888115011efaa78fc9031d6d7ace6f3354fac57f78e12c5ee63

Download Submit
C:\Users\Admin\AppData\Roaming\UndoTest.wvx

Filesize
185KB

MD5
0ba36fbb6926f34f18194f9a0f41f619

SHA1
0e3f60d0570546162d7db74c58d15a7ebc24933d

SHA256
7f56559a7c3a0554a94c5e75e891e2f0bf12e3080c0313ef51264eb8d8cbc012

SHA512
4b731ad73731046f57474922f46477dfcf38ac2199804f279cb3ac60e7f4c567c0f94dd85f7f85d8e5b5f06cf89acba971792b4ec1be9c0a35e7ac4bb966921b

Download Submit
C:\Users\Admin\AppData\Roaming\UnprotectConfirm.mp3

Filesize
218KB

MD5
1ad8fa5b34b9ef952559e514fc303daf

SHA1
36015a5bb5ed7cf11d7ea7bd8e5b87e59361be73

SHA256
d6d6fa019d88809ac826b3123f6ca6f000fb50e3c713759736fd3c2e39f795b8

SHA512
7ab61c648fbbeaefcac9ccc2fcd76d54686f398341e83cc6655a9a68e8f3aebaca83d80a75c0f89fd7b834295d763bd72fab70fadd4546a51aa2fa3cbc581185

Download Submit
C:\Users\Admin\AppData\Roaming\UpdateJoin.xls

Filesize
176KB

MD5
e90aab532d1461141fde6ea44eb954e7

SHA1
39c0ba13ae78060af436dbceaba6e9f72f2c9ca9

SHA256
94489e128505c218571fe7bf231a4a7142eb464a72cf4ee15dec8435c6e8c669

SHA512
ab18e241c89e16fa922b21c47d43446c633606bec9b73ca50ba47f9eb44671fb5826ca9fb0918e8ae5b5df67edd5cb2b5a78d958de480a9dbbbc820b2b385e21

Download Submit
C:\Users\Admin\AppData\Roaming\WriteSearch.html

Filesize
259KB

MD5
5309bd50f91301d06dbc5b6b8d2dd258

SHA1
2465fde08a9150144b98a652a5d415efb588ea9f

SHA256
4cf29ea02b48aaefd54fce50ba9eba3181d33ffd44536c313908aaeff8927ba0

SHA512
976b93bdc6a2b43d9c26aa7e2fe5c0b8077c28dc5b98a0e884650861ef14635c287ca37716ec88bdbf06b28c6635b7b38199ad4fb799b57f837fda9856b46509

Download Submit
memory/4588-0-0x00007FFE25063000-0x00007FFE25064000-memory.dmp

Filesize
4KB

Download
memory/4588-1-0x0000000000F90000-0x0000000000FEE000-memory.dmp

Filesize
376KB

Download
memory/4588-2-0x00007FFE25060000-0x00007FFE25A4C000-memory.dmp

Filesize
9.9MB

Download
memory/4588-3-0x00007FFE25060000-0x00007FFE25A4C000-memory.dmp

Filesize
9.9MB

Download
memory/4588-5-0x00007FFE25060000-0x00007FFE25A4C000-memory.dmp

Filesize
9.9MB

Download