Analysis
- max time kernel: 20s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 04-11-2024 04:33
Behavioral task: behavioral1
- Sample: Loader.exe
- Resource: win7-20241010-en (windows7-x64)
- 5 signatures
- 30 seconds

Behavioral task: behavioral2
- Sample: Loader.exe
- Resource: win10v2004-20241007-en (windows10-2004-x64)
- 7 signatures
- 30 seconds
General
- Target: Loader.exe
- Size: 3.2MB
- MD5: 0a4c593507a31d3f4253df9acfb18685
- SHA1: 03d6f7fc3bea683c115125e9693c31988502910a
- SHA256: e5dd8734559a07856c50fdbad7c49ecb14c5d2cf615e096d35abbea0442e3c8f
- SHA512: 5cfbfb39a9bfe0d46cc551863c5049c9aa8352c24ffaa8cd5b52e227dee88006610c5bb58b3bc49f6fedfbb7fe996a0a3c9b2d6bf31f770569d456984455628b
- SSDEEP: 98304:0Do8NHCp5zjlB5FR545qF90ix9OtPnoplk2n:0h0FjlBt5nx85gk2n
Malware Config

Signatures
- Skuld family
  resource / yara_rule:
  behavioral1/memory/2108-0-0x0000000001120000-0x0000000001B68000-memory.dmp  upx
  behavioral1/memory/2108-1-0x0000000001120000-0x0000000001B68000-memory.dmp  upx
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid / Process:
  2220  SndVol.exe
  2220  SndVol.exe
- Suspicious use of SendNotifyMessage (4 IoCs)
  pid / Process:
  2220  SndVol.exe
  2220  SndVol.exe
  2220  SndVol.exe
  2220  SndVol.exe