Overview

overview

8

Static

static

3

LoaderV6.zip

windows11-21h2-x64

1

LoaderV6/A...wk.dll

windows11-21h2-x64

1

LoaderV6/A...ci.dll

windows11-21h2-x64

1

LoaderV6/A...ui.dll

windows11-21h2-x64

1

LoaderV6/WMPNSSUI.dll

windows11-21h2-x64

1

LoaderV6/loaderV6.exe

windows11-21h2-x64

8

LoaderV6/mpvis.dll

windows11-21h2-x64

1

LoaderV6/wmpnssci.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-07-2024 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LoaderV6.zip

  • Size

    15.2MB

  • MD5

    273e74c7c8e4fefcafca7ab2c634fef7

  • SHA1

    9a01e91e93cef5c77de8c70b8ae80da15a540fff

  • SHA256

    18b7e51b0f80744208e78cdbdc707e5b8467991af8bdea3c47f3ee25ad864277

  • SHA512

    d3f788e51d165b72ebf9c46a3463dd594df308bc199a8f70db25945450ab0c5da3cb1aeffeb6cf9f46f323150bd4d5d660fefd054fed956a5b491dd21e228277

  • SSDEEP

    393216:wjdAJ/kHfMO2/w1kBY8l5aFEYF/pAYfxXaI+vQkXLLcDlE610Cgr:wjKsHfMO2/wBFFF/pAYfR0vQk8DlN0Nr

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\LoaderV6.zip
    1⤵
      PID:1908
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3688
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:276
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1864 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5af489-f3df-4e1f-8a92-9a850b1043a9} 276 "\\.\pipe\gecko-crash-server-pipe.276" gpu
            3⤵
              PID:4640
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ac9a77-b39e-4f0f-b345-bed10270bcf9} 276 "\\.\pipe\gecko-crash-server-pipe.276" socket
              3⤵
                PID:444
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2784 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 2896 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba4f329b-d92c-4618-bdb7-a2e4e81e32ad} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                3⤵
                  PID:4328
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2860 -childID 2 -isForBrowser -prefsHandle 3384 -prefMapHandle 3632 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb0dcce-1dff-4751-8648-91b5199d60dd} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                  3⤵
                    PID:2704
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4720 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c9b8e3b-bec3-442d-907f-4ec92fec412b} 276 "\\.\pipe\gecko-crash-server-pipe.276" utility
                    3⤵
                    • Checks processor information in registry
                    PID:2996
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5340 -prefMapHandle 5320 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e6d9e26-4519-4d04-afa8-7abe25b42506} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                    3⤵
                      PID:2400
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5572 -prefMapHandle 5568 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83388de3-1f18-4fe2-b640-82a6ce2fc526} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                      3⤵
                        PID:4704
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a80b0a-2e96-40ee-945c-d007019c14bf} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                        3⤵
                          PID:1776
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 6 -isForBrowser -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e622ef0d-c82c-495e-b4f0-5627bc82956b} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
                          3⤵
                            PID:2176

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9orreff.default-release\activity-stream.discovery_stream.json
                        Filesize

                        18KB

                        MD5

                        6ea012197e2c5df071aef4e510ccb7bb

                        SHA1

                        8668dee60749cf462bb46760e26a5d037a4bd8ae

                        SHA256

                        3f6b2c12eada17cf1817e4a282c35de4ba4a7ca1469472e98ccb11b070e0da12

                        SHA512

                        4339b4490df8c01576a93b4a0cc443f0d217c2b2f3a85527375a97f079b826bdf014eece874a30b5835bffa70ebec13c4e659b9c5f642f008d62d089ca06df24

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9orreff.default-release\cache2\entries\DAD5887947DAC97B75A14CB4BC799EE0FB072D10
                        Filesize

                        60KB

                        MD5

                        7d6c11770c4d8bc9ea7847fbe6e6f906

                        SHA1

                        bfec797ce86cc1897f3165cfd7527146717292a2

                        SHA256

                        a7e29b9f41c8af08c2b1fe53c61fe822e399b7b5253328f19d749eee9cb6e47c

                        SHA512

                        fac4617e65d8900b66fe3ed732515fcc8b7247354bd87405d3b6a89e883549c1b36a7dd8fe4707be1449e347c6ab85c0ebffd88ad83a44edb81ee42efe4c112f

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin
                        Filesize

                        7KB

                        MD5

                        b43b97ab23114ff2472a62e28ba4f32d

                        SHA1

                        443edb72bc45f6df412492a276fb7edf54991110

                        SHA256

                        acf0b573053b53555b4e62cd4222566f14024abb7bdbf81505e52a0bbc9343ac

                        SHA512

                        b93584e724aa1a686dd0a885052ad72f1f0bc66ddc2aecdf03d982e1b09ee5af56190feac3cf57f61bf66a073d6d97b642b95bb0bfdd77c35f21798f8e258862

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin
                        Filesize

                        12KB

                        MD5

                        77ef806bfefd91bda8f15910820659b0

                        SHA1

                        64f5b2b889105436360a42845c0fdad161dd5e87

                        SHA256

                        e8e0198d3ae32271eee184cfb655d709daafc32a3751576151de96da1677f4c0

                        SHA512

                        cf59d574fd76c3e143a8829a2df2473ece8340495ddc466aeddd557a1bebe19696e0db263fb5b4441667124274afdf9699465b374c24cf33b9472cf4674d3fff

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        5KB

                        MD5

                        877955f078024b8920e7c1db0fbb5f1e

                        SHA1

                        f87e515dcd988dc7cc1b28ba35fb91fba05ba1c1

                        SHA256

                        2025ac67c19a065b625d92073557939b71ded84e05b65efc259dd0e7d34544b8

                        SHA512

                        a254b26a188186a64b5a026ea24a4f4862009c79e6a5b8a8ebe62881957eec28fb553d06068bcdeaf5d4809b73a766713eb1842f147e500aae7e66c438bbc7a1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\538d9f39-368a-4866-93c7-c3089022309a
                        Filesize

                        671B

                        MD5

                        90f4f6ae5747e8287b87502c7b3900d7

                        SHA1

                        4e8dd38605c7cb2322ed44c2d648c049825732e6

                        SHA256

                        c4b9445d91d56251d1ff831315d76a781a506dbb374e3d6ce158ee0fb9942921

                        SHA512

                        b05a300cd34e3632697aea5d34c72a59db50ac08cb9fa20bc763564bd8b84f176ade5c96018a22d8d377bb68c6731be57cdd03dde2d1e4a45f1a1b4d69ec2ecd

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\a3615388-34fc-499a-aab9-65c97d6d68be
                        Filesize

                        982B

                        MD5

                        c4cddeeb2ed26ca9903d1ab9c45c3d2b

                        SHA1

                        ff29d0c6418c3056340c2f4eaeb2a2c298c6db1a

                        SHA256

                        9cf57e76b9e7c36b06739d5023f7534585cc9de42c1b88664906dce8ff757631

                        SHA512

                        313edb52fb7fe79393df103059b7883477ebaa140d9b03a61042b6d7ed39ab7bebeca3f0fb4e32c05ea3ae87569916ccf8890b44ac6b3846ef8330da7f9f1727

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\b75630f6-582b-470f-ac8c-25e678564e6e
                        Filesize

                        26KB

                        MD5

                        9436f3926469f079ee5ac3ad7ac9ebc5

                        SHA1

                        32510919a937d47292af305b2ea9f7d51c3bf451

                        SHA256

                        b430d366629f2ca7980c64b6a2500dcee6cff7d86dbe6c859972d99e118e469b

                        SHA512

                        495bff32012cbce60fac935c56315e618c0307384a9cd17c06d1c51dd445222cf4601b9b01e7206f85ddf43d4431bad3d9d231885b9e0a28c71599aaa00df19f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs-1.js
                        Filesize

                        12KB

                        MD5

                        e7a0bdce764aee406248ce4b037359cf

                        SHA1

                        f254d2b8be22a8d5609110fa394614dc9841ae9a

                        SHA256

                        974ff5c9cb98b7875134b76485f2b9e4142780614972b00051c19424e4e42ff5

                        SHA512

                        c4ff3365456c115f5c73e0bf97a900fa7cb1680ba2afedc198a26d24863316a2748007ff2a2153e7f90b1b164448e3fd29fa181c5829e623e86c36ab0eec406d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs.js
                        Filesize

                        8KB

                        MD5

                        a95828f0855aced59728b1fcfa19dccd

                        SHA1

                        21b734fe8bb32e66a9d87154e192fd96f8288166

                        SHA256

                        36b9276f190dc21ddecfff871800a002f1e455c4a7f0d1f15f4a97ea880b79f1

                        SHA512

                        e3d1b53968e697c908fee153c6508b51684ffad6d8e2a7d0174b8ea4f8355250eb21be2fbadc7b5c02cdeb2dcdae90f01bdd8741418dc770eb76b8597976ef35

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        3KB

                        MD5

                        1714504eba0103fe60b21608d1b6deae

                        SHA1

                        64af9e809f213bc8827800aafe0a372bf5af1636

                        SHA256

                        b6eac7f9ebe139bd1c84940e6d3cb831a9cbe0f3d3d95d0c1a1551ec5cc056a1

                        SHA512

                        2071d994eadd927e3b2c8b4727d8f78ecd90c78dce2353b2ec5b990760b50bd3803422fc701e1613414065c7f633d425e5ba65b92b8dcdbf68d77a38d7854d0c

                        Download Submit