Analysis
-
max time kernel
15s -
max time network
17s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
19-06-2024 03:07
Behavioral task
behavioral1
Sample
Loader_V3.3.exe
Resource
win10-20240404-en
General
-
Target
Loader_V3.3.exe
-
Size
20.8MB
-
MD5
d4edd6a15e3ef661e9a46187809e3f41
-
SHA1
11611e161e08d6314fb470544266143a56e15006
-
SHA256
6651adb80fc46758b48200415de303a3e9bd880032317a6e371f86a277477a9a
-
SHA512
18fae34b2c643a4948d066a04359a2e5f4bfed8e7405addd46c49cc2c07bfafdbcd9b409e76986ca8ac4934e18eb1cb1157af668293aa5405bbe8c4135e9aec4
-
SSDEEP
393216:mu7L/5hY56L01+l+uq+Vv3InEroXgQ/sKkXglTQq3+d9e5EW8nviM2zNvFw4i:mCLxOm01+l+uqgvYErUgQ/oOOd9eeW8v
Malware Config
Signatures
-
Loads dropped DLL 57 IoCs
Processes:
Loader_V3.3.exepid process 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
Loader_V3.3.exepid process 4240 Loader_V3.3.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Loader_V3.3.exedescription pid process Token: SeDebugPrivilege 4240 Loader_V3.3.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
Loader_V3.3.exepid process 4240 Loader_V3.3.exe 4240 Loader_V3.3.exe -
Suspicious use of WriteProcessMemory 10 IoCs
Processes:
Loader_V3.3.exeLoader_V3.3.execmd.exedescription pid process target process PID 4924 wrote to memory of 4240 4924 Loader_V3.3.exe Loader_V3.3.exe PID 4924 wrote to memory of 4240 4924 Loader_V3.3.exe Loader_V3.3.exe PID 4240 wrote to memory of 1280 4240 Loader_V3.3.exe cmd.exe PID 4240 wrote to memory of 1280 4240 Loader_V3.3.exe cmd.exe PID 4240 wrote to memory of 3644 4240 Loader_V3.3.exe cmd.exe PID 4240 wrote to memory of 3644 4240 Loader_V3.3.exe cmd.exe PID 3644 wrote to memory of 780 3644 cmd.exe mode.com PID 3644 wrote to memory of 780 3644 cmd.exe mode.com PID 4240 wrote to memory of 3520 4240 Loader_V3.3.exe cmd.exe PID 4240 wrote to memory of 3520 4240 Loader_V3.3.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Loader_V3.3.exe"C:\Users\Admin\AppData\Local\Temp\Loader_V3.3.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4924 -
C:\Users\Admin\AppData\Local\Temp\Loader_V3.3.exe"C:\Users\Admin\AppData\Local\Temp\Loader_V3.3.exe"2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4240 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:1280
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c mode con: cols=55 lines=203⤵
- Suspicious use of WriteProcessMemory
PID:3644 -
C:\Windows\system32\mode.commode con: cols=55 lines=204⤵PID:780
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls3⤵PID:3520
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD5a87575e7cf8967e481241f13940ee4f7
SHA1879098b8a353a39e16c79e6479195d43ce98629e
SHA256ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
-
Filesize
59KB
MD5005a179ade9b170bfc073e6faffc40ee
SHA1d355029998565fe670bc8d2947b6ff697047a46a
SHA2563ea0d07f4a434c172655e6e8012339486368d355c542606bc1bcbe0cabd7f874
SHA512da2c6558ff43a6261fbb7fd9f6b57707bd44a8473911d6bc144d835b847105e1229aa0727fffb2ab0790e083bad77eb778a9d175cdaf6f8f3142e88c8aa9986a
-
Filesize
801KB
MD5ee3d454883556a68920caaedefbc1f83
SHA145b4d62a6e7db022e52c6159eef17e9d58bec858
SHA256791e7195d7df47a21466868f3d7386cff13f16c51fcd0350bf4028e96278dff1
SHA512e404adf831076d27680cc38d3879af660a96afc8b8e22ffd01647248c601f3c6c4585d7d7dc6bbd187660595f6a48f504792106869d329aa1a0f3707d7f777c6
-
Filesize
78KB
MD5e877e39cc3c42ed1f5461e2d5e62fc0f
SHA1156f62a163aca4c5c5f6e8f846a1edd9b073ed7e
SHA2564b1d29f19adaf856727fa4a1f50eee0a86c893038dfba2e52f26c11ab5b3672f
SHA512d6579d07ede093676cdca0fb15aa2de9fcd10ff4675919ab689d961de113f6543edbceecf29430da3f7121549f5450f4fe43d67b9eab117e2a7d403f88501d51
-
Filesize
116KB
MD5c8f57695af24a4f71dafa887ce731ebc
SHA1cc393263bafce2a37500e071acb44f78e3729939
SHA256e3b69285f27a8ad97555bebea29628a93333de203ee2fae95b73b6b6d6c162b1
SHA51244a1fb805d9ef1a2d39b8c7d80f3545e527ab3b6bfc7abd2f4b610f17c3e6af2ae1fed3688a7cc93da06938ae94e5e865b75937352d12f6b3c45e2d24b6ab731
-
Filesize
57KB
MD54fb84e5d3f58453d7ccbf7bcc06266a0
SHA115fd2d345ec3a7f4d337450d4f55d1997fae0694
SHA256df47255c100d9cc033a14c7d60051abe89c24da9c60362fe33cdf24c19651f7c
SHA5121ca574e9e58ced8d4b2a87a119a2db9874cd1f6cedef5d7cbf49abf324fb0d9fb89d8aac7e7dfefbeb00f6834719ed55110bcb36056e0df08b36576ffd4db84c
-
Filesize
44KB
MD59873f4d9fcfb5e4eb84f8a23ce2945a6
SHA13672a6c07b2109f4ef96123babfed032d237b57b
SHA256155401462e95dbb1a6e45b0c0ffe0549f682bfeec39d4bb02c46c4cce5560cac
SHA512b201e1f98f53dc8e7379e7d13fc83cbf9540fddd0ba8bda123e4abd4c2bb0887ca616f136a2fc549a27c2c232988f9ffb51bac7dea9a3df7ed32b24d538364e3
-
Filesize
26KB
MD57e7d6da688789aa48094eda82be671b7
SHA17bf245f638e549d32957a91e17fcb66da5b00a31
SHA2569ad5bcf2a88e1ffff3b8ee29235dc92ce48b7fca4655e87cb6e4d71bd1150afb
SHA512d4c722e741474fe430dd6b6bd5c76367cc01ae4331720d17ed37074ad10493cc96eb717f64e1451e856c863fbb886bdc761d5a2767548874ba67eabf57ac89bd
-
Filesize
152KB
MD5cf2f95ecf1a72f8670177c081eedeb04
SHA16652f432c86718fed9a83be93e66ea5755986709
SHA256ba6025ab22d8e6c5ad53c66dc919f219a542e87540502905609b33dc0a8dddd8
SHA5127e5df920f6acb671e78078e9c4fa3278ae838ea6bef49c0ae44de6a79923a3d7bccf0fb3f0e477ca5092e23450494dee265d8735b24d8026456e1328f6fe8b2e
-
Filesize
59KB
MD5c76da9cb5af654367036201cd6b77a96
SHA13a8a41c728cfc17556dcb0cbcd762aae4cbc8239
SHA256e616f850e6905d5f5f1c821a5c39360090444555c1444f97bd2313f4cb99aaf4
SHA512d91b1027d2ff6e3491c62f2fbc9942e75d76795cc9d48fef423378d69eb8d813add17c8dacb4cea252c5f2cc13b8550057dae41a1de8ffdb720099efca66370c
-
Filesize
1.0MB
MD51c4ff220d9036098a58635b717e7b237
SHA10b652b6da4402ccce0e8b53a1641cff47054b708
SHA25630c271ebe66e87fcb2709f4f89c62b449ccdd66af3e4edf89bdf8ed37c4a1c3d
SHA5126b191c35f2372decbad1e5a8c3e4eefd21630452fee8c8d0ab552efd1156d4b6e014cbbb77988f89c4f82d85c234ccc822326ce11ff8637443f84e32a99a5057
-
Filesize
268KB
MD559a15f9a93dcdaa5bfca246b84fa936a
SHA17f295ea74fc7ed0af0e92be08071fb0b76c8509e
SHA2562c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524
SHA512746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7
-
Filesize
10KB
MD50e2a2addd0d5b21193dbaae162604181
SHA1526b25822b2571307fe8d4208c83227c0c64cb10
SHA256ab0a8fd8f085766a2a7001380e6ee219d5ae68d0194498eeb8d3866f922fbcae
SHA5126e0f0fa11fff0853e4063f5e1a526936cd682303f94b13da0bd4fb6b2da5efdbb3acb378951508ee3a2dea7f7e2c1d6f968e00ae63d1b6063cc2ad932a3856e9
-
Filesize
3.3MB
MD563c4f445b6998e63a1414f5765c18217
SHA18c1ac1b4290b122e62f706f7434517077974f40e
SHA256664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2
SHA512aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd
-
Filesize
678KB
MD5bd857f444ebbf147a8fcd1215efe79fc
SHA11550e0d241c27f41c63f197b1bd669591a20c15b
SHA256b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf
SHA5122b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a
-
Filesize
5.4MB
MD503a161718f1d5e41897236d48c91ae3c
SHA132b10eb46bafb9f81a402cb7eff4767418956bd4
SHA256e06c4bd078f4690aa8874a3deb38e802b2a16ccb602a7edc2e077e98c05b5807
SHA5127abcc90e845b43d264ee18c9565c7d0cbb383bfd72b9cebb198ba60c4a46f56da5480da51c90ff82957ad4c84a4799fa3eb0cedffaa6195f1315b3ff3da1be47
-
Filesize
75KB
MD55e9fc79283d08421683cb9e08ae5bf15
SHA1b3021534d2647d90cd6d445772d2e362a04d5ddf
SHA256d5685e38faccdf97ce6ffe4cf53cbfcf48bb20bf83abe316fba81d1abd093cb6
SHA5129133011ae8eb0110da9f72a18d26bbc57098a74983af8374d1247b9a336ee32db287ed26f4d010d31a7d64eacdc9cf99a75faab194eff25b04299e5761af1a79
-
Filesize
187KB
MD54135f7cc7e58900575605b7809ef11f9
SHA1500c2d16d0d399ab97db65ca5dc4f9a40925695d
SHA25666b14ebdd917f046315b666f841ea54a32760ecd624863071da8d3f1fd24459b
SHA512c677c1e97e682213245641155210919278b8917e6ed2df756dd181809dd16555b700a063514c327cd8da3183b8d3f492b4b143ed076702889c35a1f53e663686
-
Filesize
4.3MB
MD5316ce972b0104d68847ab38aba3de06a
SHA1ca1e227fd7f1cfb1382102320dadef683213024b
SHA25634f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e
SHA512a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b
-
Filesize
1.1MB
MD5a707d8fd58b6f86309fed78b776056fe
SHA1b93897110ad08d663882bfd663eb5f65a6d90283
SHA256132abd5b67bdbac065d9be01764f11ce2b2bd0bffc0eb34b8e2b259986f15602
SHA512afed355bcf81978f4a03f8d63f30dfc8a1de9791412e88fbb0c53b3686549886b3ebb4716ba505b42e9335c5119b340aa0bea89da1f5b64868aba2a6e433c30f
-
Filesize
131KB
MD5ceb06a956b276cea73098d145fa64712
SHA16f0ba21f0325acc7cf6bf9f099d9a86470a786bf
SHA256c8ec6429d243aef1f78969863be23d59273fa6303760a173ab36ab71d5676005
SHA51205bab4a293e4c7efa85fa2491c32f299afd46fdb079dcb7ee2cc4c31024e01286daaf4aead5082fc1fd0d4169b2d1be589d1670fcf875b06c6f15f634e0c6f34
-
Filesize
24KB
MD5589f030c0baa8c47f7f8082a92b834f5
SHA16c0f575c0556b41e35e7272f0f858dcf90c192a7
SHA256b9ef1709ed4cd0fd72e4c4ba9b7702cb79d1619c11554ea06277f3dac21bd010
SHA5126761c0e191795f504fc2d63fd866654869d8819c101de51df78ff071a8985541eec9a9659626dfcb31024d25fd47eff42caa2ae85cc0deb8a11113675fac8500
-
Filesize
1KB
MD5e9117326c06fee02c478027cb625c7d8
SHA12ed4092d573289925a5b71625cf43cc82b901daf
SHA256741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52
-
Filesize
987KB
MD50a5632da3e5d51ac53c58f965be121ca
SHA1b585d2b902214c45ad8072a9126c0d464d1da4ad
SHA2569f627acf1839cdf1b503080ea98f4da3e2e273cad7e6f07c7f64c3fd3a2563c5
SHA512c9991e18fd4685bb327b59d1fd5aa18973f10b67a01eafc3ffef72988caf6e5f07a5f4c56c9d485a3b733142152cbcc8dbf43122112f952f525cda57a8a56b18
-
Filesize
1.1MB
MD5ababf276d726328ca9a289f612f6904c
SHA132e6fc81f1d0cd3b7d2459e0aa053c0711466f84
SHA25689c93a672b649cd1e296499333df5b3d9ba2fd28f9280233b56441c69c126631
SHA5126d18b28fb53ffe2eebd2c5487b61f5586d693d69dd1693d3b14fb47ca0cd830e2bd60f8118693c2ff2dcb3995bbfcc703b6e3067e6b80e82b6f4666ca2a9c2ca
-
Filesize
1.1MB
MD5b505e88eb8995c2ec46129fb4b389e6c
SHA1cbfa8650730cbf6c07f5ed37b0744d983abfe50a
SHA256be7918b4f7e7de53674894a4b8cfadcacb4726cea39b7db477a6c70231c41790
SHA5126a51b746d0fbc03f57ff28be08f7e894ad2e9f2a2f3b61d88eae22e7491cf35ae299cdb3261e85e4867f41d8fda012af5bd1eb8e1498f1a81adc4354adacdaab
-
Filesize
149KB
MD580da699f55ca8ed4df2d154f17a08583
SHA1fbd6c7f3c72a6ba4185394209e80373177c2f8d7
SHA2562e3fd65c4e02c99a61344ce59e09ec7fde74c671db5f82a891732e1140910f20
SHA51215ea7cd4075940096a4ab66778a0320964562aa4ae2f6e1acbe173cd5da8855977c66f019fd343cfe8dacc3e410edf933bce117a4e9b542182bad3023805fd44
-
Filesize
72KB
MD57f25ab4019e6c759fc77383f523ef9af
SHA15e6748ce7f6753195117fdc2820996b49fd8d3af
SHA256d0497b79345b2c255f6274baea6ac44b74f345e111ab25bf6c91af9b2a3f3b95
SHA512a179b22c61f661e4d9b17f56b6a7f66f2d8d8e1d2a9a8aca3c4d6a9cb7755ce6d223bfbca817c1098692a39b6fc20ffbdacefd9bfb47ff02ffa47badca437514
-
Filesize
114KB
MD5c6c87fc7bd7555026bb1738857066cff
SHA13c89dcbc228a7b689860545495f7a081721c5a12
SHA2561a6961fd249dbb3a9ccc903fe5ec4631616594edefb19db423fb488b3dba619a
SHA51263d5b76830d17f90c7d846c8481fac33d86cf1e606d4e33cbe5af868b41d35e7c8c95b93906258d1954809d13a46036fabad093a8693bd29121c020f743faeaa
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
60KB
MD564a9384c6b329fb089e4d1657a06b175
SHA1ba0e6fcc3b1406356a40b9d8577b2e7ce69c4aea
SHA256ec655cc34819d6a9677c0541fd7e7b2b8a92804e8bf73aee692a9c44d1a24b5d
SHA5129593d38abfd46bb94409838dd9cbe603fbe154fa0043959512afc264dceec50d846eefa409bcf9936ee1a7c7313604a578b4051eb6fd6918f2beb0da6c8ee532
-
Filesize
1.8MB
MD575909678c6a79ca2ca780a1ceb00232e
SHA139ddbeb1c288335abe910a5011d7034345425f7d
SHA256fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860
SHA51291689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf
-
Filesize
1.5MB
MD54b6270a72579b38c1cc83f240fb08360
SHA11a161a014f57fe8aa2fadaab7bc4f9faaac368de
SHA256cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08
SHA5120c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9