Analysis

  • max time kernel
    100s
  • max time network
    111s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    18-12-2024 19:34

General

  • Target

    Loli-Mod-main/Loli Injector.bat

  • Size

    4.8MB

  • MD5

    9c58972b0a69ec3cd850d541d5a6ccc9

  • SHA1

    40fbc45efee38e4c6ff928783825dd8fc43fea42

  • SHA256

    5892a004e878334d83c8956fe8a1ee683ed5071a88a89c0fe9a173759573383f

  • SHA512

    0d5f60c4121f00c3cca5d8bfeddbf3f3e3a4c7bf5de94a47722b961c4bd652fa43038b12160c7b61b52bcc1eaf554e58a9676f9e84d84dd7e97250b6def35f41

  • SSDEEP

    49152:ycTqSBit+t1oEdDxWh3i8oS6h/ReKmSv/W7EXi/I2Mo2A/ZkuSgcajoI8oDwkq:V

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Loli-Mod-main\Loli Injector.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Windows\System32\Wbem\WMIC.exe
      wmic diskdrive get Model
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2532
    • C:\Windows\system32\findstr.exe
      findstr /i "DADY HARDDISK QEMU HARDDISK WDC WDS100T2B0A"
      2⤵
      PID:720
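    What the process tree records is a virtual-machine check rather than the injector the file name promises: the batch file queries the disk model through WMIC and filters the result with findstr for strings that identify hypervisor or sandbox storage (QEMU HARDDISK is the model string QEMU/KVM guests expose for their virtual disks). Nothing beyond that check appears in the tree, so the 1/10 score reflects what ran in this environment; whether the rest of the script executes on a physical machine is not visible here. As an added example, not part of the sandbox report and not code from the Loli-Mod project, the Python below flags this pattern in process-creation telemetry. The event records are constructed to mirror the reported cmd.exe -> WMIC.exe / findstr.exe tree plus one benign control, and the Sysmon Event ID 1 style field names are an assumption of the example.

```python
"""Detect the WMIC disk-model anti-VM check recorded in the process tree above.

Added example for this report, not sandbox output and not code from the
Loli-Mod project. EVENTS is constructed here to mirror the reported
cmd.exe -> WMIC.exe / findstr.exe tree plus one benign control; the Sysmon
Event ID 1 style field names are an assumption of this example.
"""
import re
from collections import defaultdict

# Disk-model substrings that identify hypervisor or sandbox storage. QEMU, VBOX,
# VMWARE and VIRTUAL are the standard hypervisor model strings; DADY and
# WDS100T2B0A are copied from the sample's own findstr argument.
VM_DISK_TERMS = {"QEMU", "VBOX", "VMWARE", "VIRTUAL", "DADY", "WDS100T2B0A"}

_QUOTED = re.compile(r'"([^"]*)"')
_LITERAL = re.compile(r'/c:"([^"]*)"', re.IGNORECASE)
_DISK_MODEL = re.compile(r"\bwmic\b.*\bdiskdrive\b.*\bget\b.*\bmodel\b", re.IGNORECASE)


def findstr_terms(cmdline: str) -> list[str]:
    """Return the search strings a findstr command line will look for.

    Without /C:, findstr splits a quoted search string on spaces into separate
    search strings, so "DADY HARDDISK QEMU HARDDISK WDC WDS100T2B0A" is six
    terms ORed together (and the bare "WDC" term matches any Western Digital
    drive, virtual or not). With /C: the quoted text is a single literal.
    """
    if "findstr" not in cmdline.lower():
        return []
    literal = _LITERAL.search(cmdline)
    if literal:
        return [literal.group(1)]
    quoted = _QUOTED.search(cmdline)
    return quoted.group(1).split() if quoted else []


def is_disk_model_query(cmdline: str) -> bool:
    """True for `wmic diskdrive get Model ...` regardless of casing or extra columns."""
    return _DISK_MODEL.search(cmdline) is not None


def find_vm_disk_checks(events: list[dict]) -> list[dict]:
    """One finding per parent whose children include both a disk-model WMIC
    query and a findstr filtering for VM disk names (the sibling pair cmd.exe
    creates for `wmic ... | findstr ...`)."""
    by_parent = defaultdict(list)
    by_pid = {}
    for ev in events:
        by_parent[ev["ParentProcessId"]].append(ev)
        by_pid[ev["ProcessId"]] = ev

    findings = []
    for parent_pid, children in by_parent.items():
        if not any(is_disk_model_query(c["CommandLine"]) for c in children):
            continue
        matched = {
            term.upper()
            for c in children
            for term in findstr_terms(c["CommandLine"])
            if term.upper() in VM_DISK_TERMS
        }
        if matched:
            parent = by_pid.get(parent_pid, {})
            findings.append({
                "parent_pid": parent_pid,
                "parent_cmdline": parent.get("CommandLine", "<parent not in window>"),
                "vm_terms": sorted(matched),
            })
    return findings


# Constructed records mirroring the report's tree (PIDs as reported) plus a
# benign inventory script that queries disk models without a findstr filter.
EVENTS = [
    {"ProcessId": 4452, "ParentProcessId": 1000,
     "Image": r"C:\Windows\system32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Loli-Mod-main\Loli Injector.bat"'},
    {"ProcessId": 2532, "ParentProcessId": 4452,
     "Image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "CommandLine": "wmic diskdrive get Model"},
    {"ProcessId": 720, "ParentProcessId": 4452,
     "Image": r"C:\Windows\system32\findstr.exe",
     "CommandLine": 'findstr /i "DADY HARDDISK QEMU HARDDISK WDC WDS100T2B0A"'},
    {"ProcessId": 900, "ParentProcessId": 800,
     "Image": r"C:\Windows\system32\cmd.exe",
     "CommandLine": "cmd.exe /c inventory.bat"},
    {"ProcessId": 901, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "CommandLine": "wmic diskdrive get Model,Size"},
]

if __name__ == "__main__":
    for finding in find_vm_disk_checks(EVENTS):
        print(finding)
```

    Pairing the WMIC query with a findstr sibling under the same parent is what keeps the benign inventory case quiet; a bare `wmic diskdrive get Model` is too common in admin scripting to alert on by itself. The findstr parsing also makes the sample's own check look sloppier than it appears: without /C: the quoted argument is six independent terms, and the bare WDC term would make the script treat any Western Digital disk as a sandbox.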

Network

MITRE ATT&CK Matrix
