Analysis
-
max time kernel
594s -
max time network
601s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
25/06/2024, 16:44
Static task
static1
Behavioral task
behavioral1
Sample
ENG/Injector.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
ENG/LokiSCPSL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ENG/start.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
RUS/Injector.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
RUS/LokiSCPSL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
RUS/start.bat
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
RUS/start.bat
-
Size
62B
-
MD5
019b6ed1cbc0b959f60079a7f37fb2dd
-
SHA1
3ce5de167d13e8835b8a40017a80840c906fe075
-
SHA256
b12c2d340a4df769f2e21496d29e510e662764b5c4086c4d29da436a792dd9a6
-
SHA512
748a5d6949bb5d86099c2bc860681565e05bd7e9668d5648d0ae70b1676d80e431efd40105493db5c34d4a112cbba24af1abec46bee5456ff375f6fdf0497572
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe 4368 Injector.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1960 wrote to memory of 4368 1960 cmd.exe 91 PID 1960 wrote to memory of 4368 1960 cmd.exe 91
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RUS\start.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:1960 -
C:\Users\Admin\AppData\Local\Temp\RUS\Injector.exeInjector.exe LokiSCPSL.dll SCPSL.exe2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4532,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:81⤵PID:4940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4864,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:81⤵PID:1216