Overview
overview
9Static
static
7GRADIENT LOADER.zip
windows7-x64
3GRADIENT LOADER.zip
windows10-2004-x64
11ST.exe
windows7-x64
71ST.exe
windows10-2004-x64
7out.exe
windows7-x64
out.exe
windows10-2004-x64
1ST.ini
windows7-x64
11ST.ini
windows10-2004-x64
1GRADIENTLOADER.exe
windows7-x64
7GRADIENTLOADER.exe
windows10-2004-x64
9loader-o.pyc
windows7-x64
3loader-o.pyc
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
24-08-2024 15:15
Behavioral task
behavioral1
Sample
GRADIENT LOADER.zip
Resource
win7-20240729-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
GRADIENT LOADER.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
1ST.exe
Resource
win7-20240708-en
windows7-x64
10 signatures
150 seconds
Behavioral task
behavioral4
Sample
1ST.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral5
Sample
out.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
out.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
1ST.ini
Resource
win7-20240705-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
1ST.ini
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
GRADIENTLOADER.exe
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
GRADIENTLOADER.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
20 signatures
150 seconds
Behavioral task
behavioral11
Sample
loader-o.pyc
Resource
win7-20240704-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral12
Sample
loader-o.pyc
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
GRADIENT LOADER.zip
-
Size
57.4MB
-
MD5
f02ed71ab2c31d4e53327c626ec978b1
-
SHA1
6446c506c56deb6e4cc60ea21abb1cbf24648420
-
SHA256
8c030073c10ea9058edfb91eb8d8b60ed10a8844690a8321b8f65ab56951d268
-
SHA512
e62c14cf8cbeb0a364da28b430e261a0ff5841847f709be9e2600d2caee4c0ec1ad91ddc85e99769ab59f116b940c6bc00af3229bb146ca6c297d784b2acd6e0
-
SSDEEP
1572864:WBH3D5KU2J9pC2pZW3LX7wdu+avx9slHgfffuz:WBHduxZmX7sBlH4fe
Score
3/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe -
Suspicious use of FindShellTrayWindow 50 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe -
Suspicious use of SendNotifyMessage 48 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2656 wrote to memory of 2720 2656 chrome.exe 34 PID 2656 wrote to memory of 2720 2656 chrome.exe 34 PID 2656 wrote to memory of 2720 2656 chrome.exe 34 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 976 2656 chrome.exe 36 PID 2656 wrote to memory of 300 2656 chrome.exe 37 PID 2656 wrote to memory of 300 2656 chrome.exe 37 PID 2656 wrote to memory of 300 2656 chrome.exe 37 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38 PID 2656 wrote to memory of 2576 2656 chrome.exe 38
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\GRADIENT LOADER.zip"1⤵PID:2336
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:3052
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6889758,0x7fef6889768,0x7fef68897782⤵PID:2720
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:22⤵PID:976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1016 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:82⤵PID:300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1212 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:82⤵PID:2576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:12⤵PID:2796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1112 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:12⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1888 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:22⤵PID:1648
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:12⤵PID:2256
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:82⤵PID:1748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:82⤵PID:2480
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:82⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1412 --field-trial-handle=1724,i,15989578565547586130,7862566781678737726,131072 /prefetch:12⤵PID:1652
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1768
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
5KB
MD5ce4d5abd3d0a6e840d22e3a4f2fd49d5
SHA1edecacf03701e38e6c0f93e4832b49b8775f693d
SHA25666496416a4e110804b376aba62f09960dfa57ea6be4413cebacec1b6b67d26ea
SHA512c60df950ad5c0e96e89b046582a383b851f2f9bdea107de600aa2c28ab2f663accc118a163d7344b334921d2b95aaa6316ca2c8bf474231c9b27f3804e284d92
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
322KB
MD5fd38a71ae434f45671b96aeaafc6292b
SHA1dae0e1c91298c099901ff9f03946f4711c2b8b9f
SHA256cd02cff9da9304817bb087050b36eac380ff2b9227d3d39d9822b8154402a636
SHA512cd31677b1c9b2852c66b641450fbedc33fc1eb1a311d6b11f0c77cd47ffc16fb9cc2960aae31e1b4ba0555591624b1f918e9d5c73d3e5272bbffb3ef88c77a9d
-
Filesize
162KB
MD55460181a0b5974a9582399626c5685ea
SHA148e34e8447748c6b23a870c7f488212b4361df51
SHA2564b8330b4db7592d9227711f709480f346be8af820e6466e770762ec612df39e9
SHA5124b2b366e96e1ce0812a26dabfadafe2901e3a74ad0ca5ba752073bd5d3b989afc95c2ed4eee8a76fc69df2274acd8483ca9efdf60feaa3fc83dcafe788b19095