Analysis
- max time kernel: 15s
- max time network: 18s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 12/06/2024, 20:19
Task | Sample | Resource
Static task static1 | |
Behavioral task behavioral1 | Anvil_Loader_v2.4 (2).zip | win10-20240404-en
Behavioral task behavioral2 | Anvil_Loader_v2.4 (2).zip | win10v2004-20240508-en
Behavioral task behavioral3 | Anvil_Loader_v2.4 (2).zip | win11-20240508-en
Behavioral task behavioral4 | v2.4/Anvil Loader.exe | win10-20240404-en
Behavioral task behavioral5 | v2.4/Anvil Loader.exe | win10v2004-20240508-en
Behavioral task behavioral6 | v2.4/Anvil Loader.exe | win11-20240508-en
Behavioral task behavioral7 | v2.4/msdia140.dll | win10-20240404-en
Behavioral task behavioral8 | v2.4/msdia140.dll | win10v2004-20240611-en
Behavioral task behavioral9 | v2.4/msdia140.dll | win11-20240508-en
Behavioral task behavioral10 | v2.4/symsrv.dll | win10-20240404-en
Behavioral task behavioral11 | v2.4/symsrv.dll | win10v2004-20240508-en
Behavioral task behavioral12 | v2.4/symsrv.dll | win11-20240611-en
General
- Target: v2.4/symsrv.dll
- Size: 136KB
- MD5: 54559270b6e12274e07fb547aa415fd4
- SHA1: d676a5c42874d6b69bbf7c950f404d7f0bf20ed2
- SHA256: cc36f89b0fd793f1cd189c68f6f430f934ae9c9e23871739de09c84f67035183
- SHA512: 17e6a29ef00971ef2796e18a5e9f33950e9f7ddb25ea6e9f0eed082eb8aa4dd7366c795fcbf6c6fa19a4e47ef3c8f6244202f65915c4accb02941bbc40500f66
- SSDEEP: 3072:cPeB8Zm6xTuaTe5l477ZhB59X5Z4B8RlgGUmh9AD/tA25P:y3UaPF8Bk+GUs9AD1AoP
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 204 wrote to memory of 812 | 204 | rundll32.exe | 74
PID 204 wrote to memory of 812 | 204 | rundll32.exe | 74
PID 204 wrote to memory of 812 | 204 | rundll32.exe | 74