Overview
overview
10Static
static
10Loli-Mod-m...nt.exe
windows7-x64
10Loli-Mod-m...nt.exe
windows10-2004-x64
10Loli-Mod-m...nt.exe
windows10-ltsc 2021-x64
10Loli-Mod-m...nt.exe
windows11-21h2-x64
10Loli-Mod-m...or.bat
windows7-x64
1Loli-Mod-m...or.bat
windows10-2004-x64
1Loli-Mod-m...or.bat
windows10-ltsc 2021-x64
1Loli-Mod-m...or.bat
windows11-21h2-x64
1Loli-Mod-m... 1.exe
windows7-x64
1Loli-Mod-m... 1.exe
windows10-2004-x64
1Loli-Mod-m... 1.exe
windows10-ltsc 2021-x64
1Loli-Mod-m... 1.exe
windows11-21h2-x64
1Loli-Mod-m...nc.exe
windows7-x64
3Loli-Mod-m...nc.exe
windows10-2004-x64
3Loli-Mod-m...nc.exe
windows10-ltsc 2021-x64
3Loli-Mod-m...nc.exe
windows11-21h2-x64
3Loli-Mod-main/y.exe
windows7-x64
10Loli-Mod-main/y.exe
windows10-2004-x64
10Loli-Mod-main/y.exe
windows10-ltsc 2021-x64
10Loli-Mod-main/y.exe
windows11-21h2-x64
10Analysis
-
max time kernel
100s -
max time network
111s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
18-12-2024 19:34
Behavioral task
behavioral1
Sample
Loli-Mod-main/AsyncClient.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Loli-Mod-main/AsyncClient.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Loli-Mod-main/AsyncClient.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral4
Sample
Loli-Mod-main/AsyncClient.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
Loli-Mod-main/Loli Injector.bat
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Loli-Mod-main/Loli Injector.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Loli-Mod-main/Loli Injector.bat
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral8
Sample
Loli-Mod-main/Loli Injector.bat
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
Loli-Mod-main/Stage 1.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
Loli-Mod-main/Stage 1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Loli-Mod-main/Stage 1.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral12
Sample
Loli-Mod-main/Stage 1.exe
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
Loli-Mod-main/hvnc.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Loli-Mod-main/hvnc.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Loli-Mod-main/hvnc.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral16
Sample
Loli-Mod-main/hvnc.exe
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
Loli-Mod-main/y.exe
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
Loli-Mod-main/y.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Loli-Mod-main/y.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral20
Sample
Loli-Mod-main/y.exe
Resource
win11-20241007-en
General
-
Target
Loli-Mod-main/Loli Injector.bat
-
Size
4.8MB
-
MD5
9c58972b0a69ec3cd850d541d5a6ccc9
-
SHA1
40fbc45efee38e4c6ff928783825dd8fc43fea42
-
SHA256
5892a004e878334d83c8956fe8a1ee683ed5071a88a89c0fe9a173759573383f
-
SHA512
0d5f60c4121f00c3cca5d8bfeddbf3f3e3a4c7bf5de94a47722b961c4bd652fa43038b12160c7b61b52bcc1eaf554e58a9676f9e84d84dd7e97250b6def35f41
-
SSDEEP
49152:ycTqSBit+t1oEdDxWh3i8oS6h/ReKmSv/W7EXi/I2Mo2A/ZkuSgcajoI8oDwkq:V
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2532 WMIC.exe 2532 WMIC.exe 2532 WMIC.exe 2532 WMIC.exe -
Suspicious use of AdjustPrivilegeToken 42 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2532 WMIC.exe Token: SeSecurityPrivilege 2532 WMIC.exe Token: SeTakeOwnershipPrivilege 2532 WMIC.exe Token: SeLoadDriverPrivilege 2532 WMIC.exe Token: SeSystemProfilePrivilege 2532 WMIC.exe Token: SeSystemtimePrivilege 2532 WMIC.exe Token: SeProfSingleProcessPrivilege 2532 WMIC.exe Token: SeIncBasePriorityPrivilege 2532 WMIC.exe Token: SeCreatePagefilePrivilege 2532 WMIC.exe Token: SeBackupPrivilege 2532 WMIC.exe Token: SeRestorePrivilege 2532 WMIC.exe Token: SeShutdownPrivilege 2532 WMIC.exe Token: SeDebugPrivilege 2532 WMIC.exe Token: SeSystemEnvironmentPrivilege 2532 WMIC.exe Token: SeRemoteShutdownPrivilege 2532 WMIC.exe Token: SeUndockPrivilege 2532 WMIC.exe Token: SeManageVolumePrivilege 2532 WMIC.exe Token: 33 2532 WMIC.exe Token: 34 2532 WMIC.exe Token: 35 2532 WMIC.exe Token: 36 2532 WMIC.exe Token: SeIncreaseQuotaPrivilege 2532 WMIC.exe Token: SeSecurityPrivilege 2532 WMIC.exe Token: SeTakeOwnershipPrivilege 2532 WMIC.exe Token: SeLoadDriverPrivilege 2532 WMIC.exe Token: SeSystemProfilePrivilege 2532 WMIC.exe Token: SeSystemtimePrivilege 2532 WMIC.exe Token: SeProfSingleProcessPrivilege 2532 WMIC.exe Token: SeIncBasePriorityPrivilege 2532 WMIC.exe Token: SeCreatePagefilePrivilege 2532 WMIC.exe Token: SeBackupPrivilege 2532 WMIC.exe Token: SeRestorePrivilege 2532 WMIC.exe Token: SeShutdownPrivilege 2532 WMIC.exe Token: SeDebugPrivilege 2532 WMIC.exe Token: SeSystemEnvironmentPrivilege 2532 WMIC.exe Token: SeRemoteShutdownPrivilege 2532 WMIC.exe Token: SeUndockPrivilege 2532 WMIC.exe Token: SeManageVolumePrivilege 2532 WMIC.exe Token: 33 2532 WMIC.exe Token: 34 2532 WMIC.exe Token: 35 2532 WMIC.exe Token: 36 2532 WMIC.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 4452 wrote to memory of 2532 4452 cmd.exe 82 PID 4452 wrote to memory of 2532 4452 cmd.exe 82 PID 4452 wrote to memory of 720 4452 cmd.exe 83 PID 4452 wrote to memory of 720 4452 cmd.exe 83
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Loli-Mod-main\Loli Injector.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4452 -
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get Model2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2532
-
-
C:\Windows\system32\findstr.exefindstr /i "DADY HARDDISK QEMU HARDDISK WDC WDS100T2B0A"2⤵PID:720
-