Analysis

  • max time kernel
    143s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-08-2024 23:20

General

  • Target

    Downloads 12.6.24/Downloads 12.6.24/Downloads/Loud Chair.exe

  • Size

    18.9MB

  • MD5

    e85d8cd73a221953c10c6ae719c4daae

  • SHA1

    a78ad50dd874b8a159c1300035927ffae558930f

  • SHA256

    320d56906b73e07663ae65f53e6ee1008042e3ecdd640f34d60e48c035fa7eb5

  • SHA512

    10c36ff7963159f6b76e80105aefefef3d6a075ad6d9d9a79397ce4f24f9f2f8deed59033543b0722614340ac9a9524c466509c609458b0160d826bc8e77fcd2

  • SSDEEP

    393216:Infyt2vkj2gwfhbjlZDnJAKqnPg69iG4C7NH:tt2Q2XtRtnmVFJp

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Looks for VMWare Tools registry key 2 TTPs 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 2 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • cURL User-Agent 3 IoCs

    Uses User-Agent string associated with cURL utility.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Downloads 12.6.24\Downloads 12.6.24\Downloads\Loud Chair.exe
    "C:\Users\Admin\AppData\Local\Temp\Downloads 12.6.24\Downloads 12.6.24\Downloads\Loud Chair.exe"
    1⤵
    • Looks for VMWare Tools registry key
    • Deletes itself
    • Checks for VirtualBox DLLs, possible anti-VM trick
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4152
    • C:\Users\Admin\AppData\Local\Temp\Downloads 12.6.24\Downloads 12.6.24\Downloads\ldr_YuZkgLm.exe
      "ldr_YuZkgLm.exe" "C:\Users\Admin\AppData\Local\Temp\Downloads 12.6.24\Downloads 12.6.24\Downloads\Loud Chair.exe"
      2⤵
      • Looks for VMWare Tools registry key
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Downloads 12.6.24\Downloads 12.6.24\Downloads\ldr_YuZkgLm.exe

    Filesize

    17.7MB

    MD5

    be91f737d091cefe7e9a2b5ff5977940

    SHA1

    e91eee49cc72f60b1e508f223325930d49279017

    SHA256

    3499a62a6d2925919c64129ed353a87b7ad81ca136eac6e69e411f2018ceb3eb

    SHA512

    953bce8ff0fdb9b8da371b1747e6c8278bd36f042816f0777a15ad12f4799524576090901024362aaf34e99ec3163563622202f27996fa4a47a41527f60c1ade

  • memory/1860-17-0x00007FFBEF170000-0x00007FFBEF172000-memory.dmp

    Filesize

    8KB

  • memory/1860-19-0x00007FF6A8720000-0x00007FF6AA699000-memory.dmp

    Filesize

    31.5MB

  • memory/1860-23-0x00007FF6A8720000-0x00007FF6AA699000-memory.dmp

    Filesize

    31.5MB

  • memory/4152-0-0x00007FFBEF170000-0x00007FFBEF172000-memory.dmp

    Filesize

    8KB

  • memory/4152-2-0x00007FF757EC7000-0x00007FF758AAF000-memory.dmp

    Filesize

    11.9MB

  • memory/4152-1-0x00007FF757D20000-0x00007FF759DA0000-memory.dmp

    Filesize

    32.5MB

  • memory/4152-6-0x00007FF757D20000-0x00007FF759DA0000-memory.dmp

    Filesize

    32.5MB

  • memory/4152-15-0x00007FF757D20000-0x00007FF759DA0000-memory.dmp

    Filesize

    32.5MB

  • memory/4152-16-0x00007FF757EC7000-0x00007FF758AAF000-memory.dmp

    Filesize

    11.9MB