b6d29012ea7aec9526af35eab3e70e3b48f7ae6e92cc71216264ac3e15b34bae | Triage

Analysis

max time kernel
20s
max time network
13s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23/08/2024, 13:02

Sharing

Report Analysis Logs

General

Target

Loader.exe
Size

1.4MB
MD5

e7d06c5d745b8a0f3e7a607ae3d44ee2
SHA1

2a3cadc2e428e9f5090e18ff5768b9e0254bef28
SHA256

b6d29012ea7aec9526af35eab3e70e3b48f7ae6e92cc71216264ac3e15b34bae
SHA512

75c2f112dea40834013023ba43a67094b2b0d2e4296ef7d8c966638d21f686280c87cdaf7f96f62f472024e94f5f93a43dfb31b3663fb62a601fa7d794951a68
SSDEEP

24576:E6qsgabtl9T8Nx6AQ8DSoRPm/Rwn4o60OegX7Aozptl72NkoV:is9bnuNzv+DenO0Ervzd2Nkw

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5112	Loader.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2612	5112	Loader.exe	81
PID 5112 wrote to memory of 2612	5112	Loader.exe	81
PID 2612 wrote to memory of 5096	2612	cmd.exe	83
PID 2612 wrote to memory of 5096	2612	cmd.exe	83
PID 2612 wrote to memory of 4016	2612	cmd.exe	84
PID 2612 wrote to memory of 4016	2612	cmd.exe	84
PID 2612 wrote to memory of 1288	2612	cmd.exe	85
PID 2612 wrote to memory of 1288	2612	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loader.exe" MD5
    3⤵
    PID:5096
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4016
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads