Analysis
-
max time kernel
35s -
max time network
38s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
07-06-2024 18:54
General
-
Target
Fedoraloader.exe
-
Size
383KB
-
MD5
10c224b7f2471180d3ee88b9fe84a5ea
-
SHA1
9eb4c6d14fc181c0688bdfb31deb2be665afc03d
-
SHA256
8764f94b54312121d417fa7818ba011d3e9d87a54cbdbcb1f1cabe922bbb78e0
-
SHA512
5ee6587ed30880db51be6c6e544af179158e03e1ca391bb64243540adf9d1ffed051f761b77eca605635c189ab355ae66fd780b0e6ff3ba14800764d47b99d92
-
SSDEEP
6144:401B/bQ1LGrOQLPuHrl8XDCph0lhSMXlBXBWHVHLOZPni9Z7vBKe4vGtFYo5:jDQ1LokeWph0lhSMXlCVrlN/tFd
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Fedoraloader.exe"C:\Users\Admin\AppData\Local\Temp\Fedoraloader.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\SystemSettingsBroker.exeC:\Windows\System32\SystemSettingsBroker.exe -Embedding1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservice -s SstpSvc1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s RasMan1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD580648b43d233468718d717d10187b68d
SHA1a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA2568ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9