c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449 | Triage

Analysis

max time kernel
32s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 17:26

Sharing

Report Analysis Logs

General

Target

Loader.exe
Size

1013KB
MD5

121f40b877e0db403d580b0eef6ee6e5
SHA1

1198e5dc195ad02950bda3df3f156402f92cd140
SHA256

c08b31a3b9db166b695c307313df2905e1ccd0c89ca42c17b268ef2c431d4a7c
SHA512

de1f88738843b1de99933984ea5d34f1f6ea857312fb312f8f956d733e76f86e46edfcd61f13effe20a0e5064b0ad726be19644dd69d0a97a7eaba099e05b95b
SSDEEP

24576:9Xrk4uI8+GTXgSiFBZhnumcQUKU/ayTW:9XQbTQ5nnumLuJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

Loader.execmd.exe

description	pid	process	target process
PID 2960 wrote to memory of 3044	2960	Loader.exe	cmd.exe
PID 2960 wrote to memory of 3044	2960	Loader.exe	cmd.exe
PID 2960 wrote to memory of 3044	2960	Loader.exe	cmd.exe
PID 3044 wrote to memory of 2416	3044	cmd.exe	certutil.exe
PID 3044 wrote to memory of 2416	3044	cmd.exe	certutil.exe
PID 3044 wrote to memory of 2416	3044	cmd.exe	certutil.exe
PID 3044 wrote to memory of 2156	3044	cmd.exe	find.exe
PID 3044 wrote to memory of 2156	3044	cmd.exe	find.exe
PID 3044 wrote to memory of 2156	3044	cmd.exe	find.exe
PID 3044 wrote to memory of 2332	3044	cmd.exe	find.exe
PID 3044 wrote to memory of 2332	3044	cmd.exe	find.exe
PID 3044 wrote to memory of 2332	3044	cmd.exe	find.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
2⤵
- Suspicious use of WriteProcessMemory
PID:3044

C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loader.exe" MD5
3⤵
PID:2416

C:\Windows\system32\find.exe
find /i /v "md5"
3⤵
PID:2156

C:\Windows\system32\find.exe
find /i /v "certutil"
3⤵
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads