Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 14-12-2024 17:29
Static task
- static1
Behavioral tasks
- behavioral1: Sample Unborn Loader.rar, Resource win7-20241010-en
- behavioral2: Sample Unborn Loader.rar, Resource win10v2004-20241007-en
- behavioral3: Sample Unborn Loader.exe, Resource win7-20241010-en
- behavioral4: Sample Unborn Loader.exe, Resource win10v2004-20241007-en
- behavioral5: Sample d3dx9_39.dll, Resource win7-20240903-en
- behavioral6: Sample d3dx9_39.dll, Resource win10v2004-20241007-en
- behavioral7: Sample msvcp140.dll, Resource win7-20240903-en
- behavioral8: Sample msvcp140.dll, Resource win10v2004-20241007-en
General
- Target: Unborn Loader.rar
- Size: 2.4MB
- MD5: 30e58249ce4ad8eedab5ba96cc249bde
- SHA1: 51b082f305f74b1ff70c7a19312cccd1fbe34859
- SHA256: 6f0508001795fa33102003e9fba80a30b91a68a2f2cc93897bf8810b3952cbf1
- SHA512: ce3e87d1cf44a657e6e11212dfe0bc8597e23117ac4ef7dcdd782464fbcfd6464e9892fecbbb4715c4c2f945f30ca92212faf27ed7abee783829bf9138189216
- SSDEEP: 49152:V4SvGjF/Ma6VaXHjKf/rd3mterJl997XilaZLEmkwXCYJTU2pXsSWGl31iaV:VOF/MijWoI9ljzSlV+TUcnl
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid 2540, process Unborn Loader.exe
  pid 2740, process Unborn Loader.exe
- Loads dropped DLL (2 IoCs)
  pid 2440, process 7zFM.exe
  pid 2440, process 7zFM.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2440, process 7zFM.exe
  pid 2440, process 7zFM.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2440, process 7zFM.exe
- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  Token: SeRestorePrivilege, pid 2440, process 7zFM.exe
  Token: 35, pid 2440, process 7zFM.exe
  Token: SeSecurityPrivilege, pid 2440, process 7zFM.exe
  Token: SeSecurityPrivilege, pid 2440, process 7zFM.exe
  Token: SeSecurityPrivilege, pid 2440, process 7zFM.exe
  Token: SeSecurityPrivilege, pid 2440, process 7zFM.exe
- Suspicious use of FindShellTrayWindow (5 IoCs)
  pid 2440, process 7zFM.exe (5 occurrences)
- Suspicious use of WriteProcessMemory (6 IoCs)
  PID 2440 wrote to memory of 2540, pid 2440, process 7zFM.exe, procid_target 30
  PID 2440 wrote to memory of 2540, pid 2440, process 7zFM.exe, procid_target 30
  PID 2440 wrote to memory of 2540, pid 2440, process 7zFM.exe, procid_target 30
  PID 2440 wrote to memory of 2740, pid 2440, process 7zFM.exe, procid_target 33
  PID 2440 wrote to memory of 2740, pid 2440, process 7zFM.exe, procid_target 33
  PID 2440 wrote to memory of 2740, pid 2440, process 7zFM.exe, procid_target 33
Processes
- C:\Program Files\7-Zip\7zFM.exe (PID: 2440)
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Unborn Loader.rar"
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Users\Admin\AppData\Local\Temp\7zO889FCF86\Unborn Loader.exe (PID: 2540)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7zO889FCF86\Unborn Loader.exe"
    - Executes dropped EXE
  - C:\Users\Admin\AppData\Local\Temp\7zO889F90C6\Unborn Loader.exe (PID: 2740)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7zO889F90C6\Unborn Loader.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 932KB
  MD5: b09fc8269f897d7f94bd58ef20f42545
  SHA1: b10fb06fb53767676a83ea0f65678b4fbd90cd1b
  SHA256: 6ad82006952f9fc912bdd3a767492098cc2ab7ffa7f2cdbc7114bd77a50f4c4c
  SHA512: c88db52dfbe8afcc0d79a77cb1cf71e03f4b1a432782c93ea21259bc62bea2018c5372da110eb9c1eae853fafcb714911b6d90b634565012236ce810c1cb308a