265bb10413b15be42cf03007a417f5a0edb52d126418d554c4d745a282d73c40 | Triage

Resubmissions

02/09/2024, 14:00

240902-ra95ca1hnl 7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 14:00

Sharing

Report Analysis Logs

General

Target

EvilSide_Loader_v1.1.exe
Size

566KB
MD5

5848e33da82ed47b0afcaf46aec5de7e
SHA1

c4be79f940dff8595e9ea4d1226de73768d0a105
SHA256

265bb10413b15be42cf03007a417f5a0edb52d126418d554c4d745a282d73c40
SHA512

282fff9a806c589f27afe19901f9fd147d6ed42bf169842e845f47655688b08016d778662aa68ac22503960a22e06285e82829806f0796bf428bb20ef812d758
SSDEEP

12288:deV5Tjfj0w+/NZCHWj8KHD1af22Obh4nmbv:defjfAwkMHWT4n2v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2512	convar.exe

Loads dropped DLL 1 IoCs

pid	Process
2356	EvilSide_Loader_v1.1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2324	2356	EvilSide_Loader_v1.1.exe	32
PID 2356 wrote to memory of 2324	2356	EvilSide_Loader_v1.1.exe	32
PID 2356 wrote to memory of 2324	2356	EvilSide_Loader_v1.1.exe	32
PID 2356 wrote to memory of 2512	2356	EvilSide_Loader_v1.1.exe	33
PID 2356 wrote to memory of 2512	2356	EvilSide_Loader_v1.1.exe	33
PID 2356 wrote to memory of 2512	2356	EvilSide_Loader_v1.1.exe	33

C:\Users\Admin\AppData\Local\Temp\EvilSide_Loader_v1.1.exe
"C:\Users\Admin\AppData\Local\Temp\EvilSide_Loader_v1.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\convar.exe
  "convar.exe"
  2⤵
  - Executes dropped EXE
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\convar.exe

Filesize
526KB

MD5
2b11fcb0e9dd21e6e383e95f42689304

SHA1
3b8de6f03f9af5f10dfb609032280db917e2bb86

SHA256
8d90aa75447afbdb9ed6eb868ef0f60ad98fa59eeffcbbf9769887a0a3102653

SHA512
870022efae373ff4d867e265bad1914720b8ee286eeb307e1e61aeafa821aa67782081f6b9c991e756dc279548ca3428ee0fa4a23640bce5ba861d5b3deffb44

Download Submit