Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-07-2024 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    734da3101726c8a040ebe6c2131dc8eb129a0ec92fe3f0d4111e26809d4fc2d1.exe

  • Size

    2.7MB

  • MD5

    7e01323b38be0c94227d303769a1ab71

  • SHA1

    501178f5af9c06993deb091735b4c8e787bd8d79

  • SHA256

    734da3101726c8a040ebe6c2131dc8eb129a0ec92fe3f0d4111e26809d4fc2d1

  • SHA512

    9f941aa9d41ee80330f344524cd9ebe5f0d5715bb0af9fe86a5f1d236fc8d53f875c43f8d32a19c8bcc44a5a062b7452387ac559c204a5f4737a7661bdb5610c

  • SSDEEP

    49152:ULP35wajHbTtyvl3VDF9hInnrTE0eKHfm59Dxg23eVLDl3mnAGddgy0m:Ur35wYovlFRwk0Un1lo0nZ

Score
10/10
privateloaderevasionloader

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\734da3101726c8a040ebe6c2131dc8eb129a0ec92fe3f0d4111e26809d4fc2d1.exe
    "C:\Users\Admin\AppData\Local\Temp\734da3101726c8a040ebe6c2131dc8eb129a0ec92fe3f0d4111e26809d4fc2d1.exe"
    1⤵
    • Modifies firewall policy service
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1596
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
    1⤵
      PID:3224
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:2152

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1596-0-0x00007FF605856000-0x00007FF6059B5000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1596-3-0x00007FFB9F720000-0x00007FFB9F722000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-2-0x00007FFB9F9C0000-0x00007FFB9F9C2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-1-0x00007FFB9F9B0000-0x00007FFB9F9B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-4-0x00007FFB9F730000-0x00007FFB9F732000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-5-0x00007FFB9CD30000-0x00007FFB9CD32000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-6-0x00007FFB9CD40000-0x00007FFB9CD42000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1596-9-0x00007FF6056F0000-0x00007FF605C74000-memory.dmp

        Filesize

        5.5MB

        Download

      • memory/1596-18-0x000001AABEE90000-0x000001AABEF2E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/1596-20-0x00007FF605856000-0x00007FF6059B5000-memory.dmp

        Filesize

        1.4MB

        Download