Overview

overview

8

Static

static

3

ExLoader_I...er.exe

windows7-x64

7

ExLoader_I...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2024 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ExLoader_Installer.exe

  • Size

    26.4MB

  • MD5

    2d3bb824bab42e39818e768c1fcc0e43

  • SHA1

    09bc8adef1d4444c8d163a768f419f12f733b9a1

  • SHA256

    c8b7de3ce429150617f25529aa436d28497b642925b7ea384c30f529ce8bc23b

  • SHA512

    3cbe7b4c7e38d2a6095e2e471308cd6cc5f185dcf45d96a5a28c22d946606386d7da411150b9fc9a9a8bb66c204693025e346102b06780a4b2dd101ab7c5eff0

  • SSDEEP

    786432:+H+GUanu5iNGMl6TbCS1uHYdgysWUt15IrCxGgvrck1:+eGUYuENMTbhc4dgysNtXIabX1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll
    Filesize

    17.3MB

    MD5

    225782e5d02f400a76b8fabe8a6f5cd1

    SHA1

    e54ef4f664a250808749be2ea9870607c20ace31

    SHA256

    b66713715a7aeaa2f88ba18838aa7c245556eaaeb31c82da3f5aebcb71a7715e

    SHA512

    9e88489361b36970a982329184b7afa9ef403ca86830427c60397e49522e5d38fc652ce4b65e79c54583a50ffee83fb138a02d638e015c9ff53e56164556be76

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
    Filesize

    184KB

    MD5

    1156779d6a1fe7eca6f4f70b7e159280

    SHA1

    df0058c5e0b2b6696d25e49cad5511a9d5fd9f08

    SHA256

    bab846b6030449f4c37af32c8119ffe595b5a3d0d924d5e99370dd059bac2767

    SHA512

    addd3a223a48697d9ea9d1e8ade91c70221c71dba64aa6c30877501acf17ab079d49d48fd7cab614df52b0f73eee771974ac64ca8e7a0c1f930a035e0fa7c2b9

    Download Submit