59ae19e7177c43511fbe5a992d2b183432a0846fa0ee4f06f88a8c7a45b1e9de

Analysis

max time kernel
4s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Genesis_Loader (1).exe
Size

13.8MB
MD5

88cfc89069c32feaf1f9176abda5821b
SHA1

e072f07cb1c33037bb9f1c6dfa86a12b6176f063
SHA256

59ae19e7177c43511fbe5a992d2b183432a0846fa0ee4f06f88a8c7a45b1e9de
SHA512

1f5b1f4bcd8981b82125e0684ae8f15e6ad7eb01f1e0cc8cb43e9018aa09e4de3036a0f2355d132d077a428987bb4d2ad71040d7cf6946c2149fafb4caa62625
SSDEEP

196608:EoUfaETJZW+TtrgO4JuuRk5dJFEuamq9/UFLWBxhMH+N6VCnNkBiHDI:EoUf/g+Brg+dfdbQ/UFSBxPLjI

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe
2704	Genesis_Loader (1).exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2536	2704	Genesis_Loader (1).exe	31
PID 2704 wrote to memory of 2536	2704	Genesis_Loader (1).exe	31
PID 2704 wrote to memory of 2536	2704	Genesis_Loader (1).exe	31
PID 2704 wrote to memory of 2532	2704	Genesis_Loader (1).exe	32
PID 2704 wrote to memory of 2532	2704	Genesis_Loader (1).exe	32
PID 2704 wrote to memory of 2532	2704	Genesis_Loader (1).exe	32

C:\Users\Admin\AppData\Local\Temp\Genesis_Loader (1).exe
"C:\Users\Admin\AppData\Local\Temp\Genesis_Loader (1).exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 3
  2⤵
  PID:2532

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2260

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\CopyConvert.3g2"
1⤵
PID:2656

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2656-26-0x000000013FA50000-0x000000013FB48000-memory.dmp

Filesize
992KB

Download
memory/2656-29-0x000007FEF3F30000-0x000007FEF4FE0000-memory.dmp

Filesize
16.7MB

Download
memory/2656-27-0x000007FEF54D0000-0x000007FEF5504000-memory.dmp

Filesize
208KB

Download
memory/2656-28-0x000007FEF5210000-0x000007FEF54C6000-memory.dmp

Filesize
2.7MB

Download
memory/2704-3-0x0000000076F60000-0x0000000076F62000-memory.dmp

Filesize
8KB

Download
memory/2704-8-0x0000000076F70000-0x0000000076F72000-memory.dmp

Filesize
8KB

Download
memory/2704-11-0x0000000140000000-0x000000014161F000-memory.dmp

Filesize
22.1MB

Download
memory/2704-6-0x0000000076F70000-0x0000000076F72000-memory.dmp

Filesize
8KB

Download
memory/2704-10-0x0000000076F70000-0x0000000076F72000-memory.dmp

Filesize
8KB

Download
memory/2704-0-0x000000014000D000-0x000000014084A000-memory.dmp

Filesize
8.2MB

Download
memory/2704-5-0x0000000076F60000-0x0000000076F62000-memory.dmp

Filesize
8KB

Download
memory/2704-1-0x0000000076F60000-0x0000000076F62000-memory.dmp

Filesize
8KB

Download
memory/2704-30-0x000000014000D000-0x000000014084A000-memory.dmp

Filesize
8.2MB

Download
memory/2704-31-0x0000000140000000-0x000000014161F000-memory.dmp

Filesize
22.1MB

Download