Overview

overview

10

Static

static

3

61d67e67d5...7c.exe

windows7-x64

10

61d67e67d5...7c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2024 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61d67e67d5492a03cd4a04b11e6c737c.exe

  • Size

    4.3MB

  • MD5

    61d67e67d5492a03cd4a04b11e6c737c

  • SHA1

    f6ed2279bfd5fb2c42af498b4356ed460ff48d58

  • SHA256

    e3cd90fe855b430449aa00f87f135fc4d61f6a5e592dcba177e9067b00ab632e

  • SHA512

    e94be7bafe8e3ac5f9e703d777351fd60bdb3b78def6adec748c1d3d9867cd164a000bf0d82ef4b44ab9302866aeb7ffe8adf8c18e74b075c30f4213aafd0722

  • SSDEEP

    98304:HEQQ7VWJEL5xZdj/MFScKbeppRZRxWwDv3yiv:khV35xHoAcMeVgwDvv

Score
10/10
privateloaderevasionloader

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61d67e67d5492a03cd4a04b11e6c737c.exe
    "C:\Users\Admin\AppData\Local\Temp\61d67e67d5492a03cd4a04b11e6c737c.exe"
    1⤵
    • Modifies firewall policy service
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2264 -s 232
      2⤵
        PID:2544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2264-0-0x000000013F9C6000-0x000000013FC74000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2264-1-0x0000000076E60000-0x0000000076E62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-3-0x0000000076E60000-0x0000000076E62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-17-0x0000000076E90000-0x0000000076E92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-36-0x000007FEFCB90000-0x000007FEFCB92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-34-0x000007FEFCB90000-0x000007FEFCB92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-31-0x000007FEFCB80000-0x000007FEFCB82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-29-0x000007FEFCB80000-0x000007FEFCB82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-26-0x0000000076EA0000-0x0000000076EA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-24-0x0000000076EA0000-0x0000000076EA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-22-0x0000000076EA0000-0x0000000076EA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-21-0x0000000076E90000-0x0000000076E92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-19-0x0000000076E90000-0x0000000076E92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-16-0x000000013F860000-0x00000001400BE000-memory.dmp

      Filesize

      8.4MB

      Download

    • memory/2264-15-0x0000000076E80000-0x0000000076E82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-13-0x0000000076E80000-0x0000000076E82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-11-0x0000000076E80000-0x0000000076E82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-10-0x0000000076E70000-0x0000000076E72000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-8-0x0000000076E70000-0x0000000076E72000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-6-0x0000000076E70000-0x0000000076E72000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-5-0x0000000076E60000-0x0000000076E62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2264-48-0x000000013F9C6000-0x000000013FC74000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2264-49-0x000000013F860000-0x00000001400BE000-memory.dmp

      Filesize

      8.4MB

      Download