Overview

overview

9

Static

static

3

loader.exe

windows11-21h2-x64

9

updater.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    143s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-08-2024 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    updater.exe

  • Size

    10.9MB

  • MD5

    1c28034e116afe153b3b302a724c6d78

  • SHA1

    e9f8cabd63fd4d63193ff474876f6a8b7fb98c00

  • SHA256

    14e0ffd153b81fddd493dc323d574024696e0dbbef43e8ef02de3478162b8138

  • SHA512

    09bbd832b0a1263d970ff848e9a3a76e2225c0fe22c668c6df35df25f91c1a6465425d3cfbb375b9fab235e32a82289f1db1dc716b121eb608fe7b5952d039ba

  • SSDEEP

    98304:wK0QVCU1FA6WWB6kad0lTXvXeksplGcBmJNcZT+nTqGgjAGM8o:HlA6j4/Wl7eN9A8Mj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\updater.exe
    "C:\Users\Admin\AppData\Local\Temp\updater.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3940
    • C:\Users\Admin\AppData\Local\Temp\loader.exe
      ".\loader.exe" .
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    Filesize

    16.4MB

    MD5

    3e93b1dbd7ca5e177d41b671a66a5df8

    SHA1

    65557f3172317d525fefa0337268a3e684980f01

    SHA256

    2473920941f50b4f64f17914aa6977a5592bef34aa62bd3e1dde3ba43595225e

    SHA512

    2233ecc44d3e1e836d750adb756ecfceaed7352a483876f04801bf305f40722f56c27fb93dce77274786167bda3676e4a2192c55ffb604cf8827c78f49193194

    Download Submit

  • memory/3940-0-0x000001B82CAC0000-0x000001B82CAC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3940-2-0x000001B82CAC0000-0x000001B82CAC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3940-1-0x000001B82CAC0000-0x000001B82CAC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3940-5-0x000001B82CF70000-0x000001B82CF72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3940-4-0x000001B82CF70000-0x000001B82CF72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3940-3-0x000001B82CF70000-0x000001B82CF72000-memory.dmp

    Filesize

    8KB

    Download