Analysis

  • max time kernel
    96s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 21:38

General

  • Target

    loader3.exe

  • Size

    2.0MB

  • MD5

    c1afc5729255d68bf6f7ac02e43935dc

  • SHA1

    ca62f75238efa0daf3521e2df1a44fc6a7784315

  • SHA256

    6cdb812daba9157f3c51ebdda2b38268f32c7ca4048e7c4364c5b354a32a0ba0

  • SHA512

    476a301a51893a79c1916ab9f45c0d45c89e8b3e81bf8108c6ac305fc602be2c720ad6cc88393b300824895d30add2454afbe4d7e1a282510e0430f4973f9fe0

  • SSDEEP

    24576:Gu3Gf0zS31XOG9mqgTlA4ZgW4u+T3NT8eQnwuGKFh8fd6ellpC+bKlANc06OO:Gr8O3cGUqqGtZIdnV39GT1

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader3.exe
    "C:\Users\Admin\AppData\Local\Temp\loader3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader3.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3436
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader3.exe" MD5
        3⤵
        PID:3612
      • C:\Windows\system32\find.exe
        find /i /v "md5"
        3⤵
        PID:5092
      • C:\Windows\system32\find.exe
        find /i /v "certutil"
        3⤵
        PID:3728
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Couldn't connect to server && timeout /t 5"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4944
      • C:\Windows\system32\cmd.exe
        cmd /C "color b && title Error && echo Couldn't connect to server && timeout /t 5"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5052
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          4⤵
          • Delays execution with timeout.exe
          PID:3588

Network

MITRE ATT&CK Matrix
