Analysis
-
max time kernel
4s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12-07-2024 20:20
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Genesis_Loader.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Genesis_Loader.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Genesis_Loader.exe
-
Size
13.8MB
-
MD5
88cfc89069c32feaf1f9176abda5821b
-
SHA1
e072f07cb1c33037bb9f1c6dfa86a12b6176f063
-
SHA256
59ae19e7177c43511fbe5a992d2b183432a0846fa0ee4f06f88a8c7a45b1e9de
-
SHA512
1f5b1f4bcd8981b82125e0684ae8f15e6ad7eb01f1e0cc8cb43e9018aa09e4de3036a0f2355d132d077a428987bb4d2ad71040d7cf6946c2149fafb4caa62625
-
SSDEEP
196608:EoUfaETJZW+TtrgO4JuuRk5dJFEuamq9/UFLWBxhMH+N6VCnNkBiHDI:EoUf/g+Brg+dfdbQ/UFSBxPLjI
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
pid Process 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe 1400 Genesis_Loader.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1400 wrote to memory of 2864 1400 Genesis_Loader.exe 32 PID 1400 wrote to memory of 2864 1400 Genesis_Loader.exe 32 PID 1400 wrote to memory of 2864 1400 Genesis_Loader.exe 32 PID 1400 wrote to memory of 2860 1400 Genesis_Loader.exe 33 PID 1400 wrote to memory of 2860 1400 Genesis_Loader.exe 33 PID 1400 wrote to memory of 2860 1400 Genesis_Loader.exe 33
Processes
-
C:\Users\Admin\AppData\Local\Temp\Genesis_Loader.exe"C:\Users\Admin\AppData\Local\Temp\Genesis_Loader.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1400 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵PID:2864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 32⤵PID:2860
-