Analysis

  • max time kernel
    20s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-11-2024 04:33

General

  • Target

    Loader.exe

  • Size

    3.2MB

  • MD5

    0a4c593507a31d3f4253df9acfb18685

  • SHA1

    03d6f7fc3bea683c115125e9693c31988502910a

  • SHA256

    e5dd8734559a07856c50fdbad7c49ecb14c5d2cf615e096d35abbea0442e3c8f

  • SHA512

    5cfbfb39a9bfe0d46cc551863c5049c9aa8352c24ffaa8cd5b52e227dee88006610c5bb58b3bc49f6fedfbb7fe996a0a3c9b2d6bf31f770569d456984455628b

  • SSDEEP

    98304:0Do8NHCp5zjlB5FR545qF90ix9OtPnoplk2n:0h0FjlBt5nx85gk2n

Score
10/10

Malware Config

Signatures

  • Skuld family
  • Skuld stealer

    An info stealer written in Go lang.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
      PID:2108
    • C:\Windows\system32\SndVol.exe
      SndVol.exe -f 45679770 28174
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2108-0-0x0000000001120000-0x0000000001B68000-memory.dmp

      Filesize

      10.3MB

    • memory/2108-1-0x0000000001120000-0x0000000001B68000-memory.dmp

      Filesize

      10.3MB

    • memory/2220-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB