Overview

overview

10

Static

static

10

dogecoin-1...li.exe

windows7-x64

3

dogecoin-1...li.exe

windows10-2004-x64

3

dogecoin-1...nd.exe

windows7-x64

10

dogecoin-1...nd.exe

windows10-2004-x64

10

dogecoin-1...qt.exe

windows7-x64

10

dogecoin-1...qt.exe

windows10-2004-x64

10

dogecoin-1...re.exe

windows7-x64

10

dogecoin-1...re.exe

windows10-2004-x64

10

dogecoin-1...ll.exe

windows7-x64

7

dogecoin-1...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    478s
  • max time network
    480s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dogecoin-1.14.9-win32/dogecoin-qt.exe

  • Size

    34.1MB

  • MD5

    f421c6d2c8e4a07d7be1a13a4cbe6c82

  • SHA1

    6f25ceaeeaf69d7dd662f39c46bcb4470cac69c6

  • SHA256

    651f67cb96ed59fa41171741443710eb47a17d6173a925ad57a4f142bf50842a

  • SHA512

    d99873cceb05d3430ebe4235298e8649c20c13977e230bcd7bca92dd68ffde5a55b24ce241ea92879b005117414adbd18149a7984089b6ad3b0e5e2a3fc8889f

  • SSDEEP

    393216:HPvtaqFj3oP1L1d00XqDtb4knbfRVBhHjcF7X+lx+adk5j4xbRVeawa9AV88NrbQ:HPvtaq3oP15chHWX+v+drlTMx

Score
10/10
aresloaderdiscoveryloader

Malware Config

Extracted

Family

aresloader

C2

http://127.0.0.1:22555

Signatures

  • AresLoader

    AresLoader is a loader and downloader written in C++.

    loaderaresloader
  • Aresloader family
    aresloader
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\dogecoin-qt.exe
    "C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\dogecoin-qt.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2344
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2684
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3064
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
        PID:2424
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
          PID:1932

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\blk00000.dat
          Filesize

          16.0MB

          MD5

          7cb7814bdeaa362268c9c5732a39d8db

          SHA1

          1d39fb869ac234a3d2fdf39bced7be91075e1969

          SHA256

          680e328c73a0065fd361fc94ad14032569346d043ed9b021bf56fad17fb1f062

          SHA512

          a6d7d7429473f0846af240b1ab4456af96eda33c7950720b023e71f92ce4ae3b03de7894a0414f1c8e5eb53f629b07ea33a8400be4112c875357abd8344e1c89

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\blk00000.dat
          Filesize

          16.0MB

          MD5

          a196131b237710791bc7b25b1c8d41db

          SHA1

          849515d8b8ccdee1509a537f340ab301392f9af8

          SHA256

          46b376f755547a462122a188fd372af7c51d4e71d5ba8d39782ded1797dcda88

          SHA512

          25f15fc5c89a4914f192ab69ba20ee6fd0626bba3ac4b97b7f498d3cf6b347dc168caabd1f03b18b39070bedc615a053991e3e4e7f363ec9ee8af2d23c0f9c22

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\CURRENT
          Filesize

          16B

          MD5

          206702161f94c5cd39fadd03f4014d98

          SHA1

          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

          SHA256

          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

          SHA512

          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\CURRENT~RFf7740a8.TMP
          Filesize

          16B

          MD5

          46295cac801e5d4857d09837238a6394

          SHA1

          44e0fa1b517dbf802b18faf0785eeea6ac51594b

          SHA256

          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

          SHA512

          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          96dcfe89f85be86e57794c5b9d28751d

          SHA1

          321246c0cece2a0e1e4b093628c225cceea23d9d

          SHA256

          a455f606571694fb3a324eafe2f1b1863cd8a81e67ee4b83f0d3fc7a7d76da8b

          SHA512

          097221fbb8d4dca5ae3fd90b092e9b588001611fa4a84ddb9e37469f4f4ae95447ee8106d5c8a5ea5d71560907407c65ab315e19169d76876f78369064dd5a08

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          731a2e79744bde541e2d0809f2bd0339

          SHA1

          ce809f144262aace667ffb34e4c280441cdae3aa

          SHA256

          682a82cc1c6b8e82111fac2eb443668e7679dc6bf61863266b66e9f393b0f3d4

          SHA512

          f7a84ea46ddd9df02a09e83cbdaf62b58e8821cb31aea9e3f14588f8e8142c911924f6ad74c3df4bc6ca5a8095dbaa2910bb60b96721caef9891545c18aab8fa

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          dc9686cdc12ce8b534a84f6d72131a2d

          SHA1

          4156ba55e5c9ada71d9a7d35530ac3936e07c3dc

          SHA256

          9685c9953235923ebc3a4a27a2773cd282abed70f5d895734b52a40b7fec468e

          SHA512

          ecf347bf29683766cc9fc70fb4064e077e2f5613f49209a784380b06f837506daa2ac06024b447916d5a4924cd503d45562b8f486fa582e2f2bc82790dae6782

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          3938f3001762aee4ecca99eadf746dd7

          SHA1

          10e557e85ad182d350ef560a3395f5a0b8de8c73

          SHA256

          d2bf3dd2ef9999c65394cc7ad7a09bf16bb7e9174e1b11fdccd21285d21c23be

          SHA512

          9154090e2e8b8bdbc582b773720f58f495d444471590f0da14353cbcb49aa1bc6d736b3a0f902a003feed6373a8e7f22c5ce1ddccea5399db6ed3c15feec448b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          9bd44fab07d2819a8831533817e270aa

          SHA1

          ec901905b5d582d89fd5edfbf4ddde0f93dd99bf

          SHA256

          43866262aa5d832100d03b2f267379ed4a3b303288c623eff27c3dab0d1348d3

          SHA512

          8e04da673673dc99815c2f6c81c87cadda58af1be4a3cb63be7d78ab80ef966b5e709e1c3f16797444e4bdceb37f1c56b8aa97e4cfc9273bc9d35323882456b7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          c51e119e9b3de39afcec1295e36f8143

          SHA1

          2714f5ae5035d30a829d2e1b8101c9f9ff55e1b5

          SHA256

          cf8e1055f5b20373c5be84bef57735e32ccdfe80475c72786c37805e3c6eb504

          SHA512

          992e87cb009ea3fb66fd392e794a71bd6f9986c610eae839d5c1441bdedcbdb880ec271f69d7505e2bd223e0e1e361dd8d29779c13848e19a3a86fe09466cc9b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          d137a538f5fe0c6fd3f42af18c3560be

          SHA1

          8b7376c33c0d61494127d56008477e4f7cea5a0a

          SHA256

          92bd724e232cd8f68da078c4903778e2ae5e0e631ec372ac2cd9d39fd7e91a76

          SHA512

          02a776ffce6468f8df2647fdc861f413fc9cbb31d496a651ef0b7a2009f166777e86c8e459cd29e9af164ab049ea2c2d3a706524129f510d5491635432b12ce1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
          Filesize

          1024KB

          MD5

          94f0233f5e5541a8933daf1a1e94d4e8

          SHA1

          732eb816fc8582190611097acb69dde6175f9270

          SHA256

          81ae9ed2abe8fade24e708b6e0f36043c246693f7dc956dc4ef141264f42b8ed

          SHA512

          da71e789483764a51c1544fe6ea5c239a99a5182b55706e8d17f78ebadf51bcb0f29e1d628a4f1002941665860426a639e4c88f59f6b45cd0144409217fac007

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Dogecoin\database\log.0000000001
          Filesize

          1024KB

          MD5

          5929428a06694d97058953608bf52ece

          SHA1

          4c609f9cf5b4747e33eb644f36717748661cfeb6

          SHA256

          ccfc016b69647eb17f50d68e03631e6250a1f55cd3181dbe2d791b1a02b838f9

          SHA512

          61132a308735f5cdbaa0500fb62223e52533f6e0138df38c4522eb7f634f2ddfdfbe20a36a1ebb3c9546f5261243c6e95c0b61ee8682570ae26f3b0c44b50c65

          Download Submit

        • memory/2344-2042-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-4865-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7320-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-271-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-272-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7315-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-274-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7308-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7305-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-264-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7300-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7297-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-261-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7292-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7289-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7286-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-404-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-257-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-1-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7283-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-982-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7278-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-1464-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7273-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-0-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7266-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7261-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-2589-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-3166-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-3743-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-4288-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-269-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-5410-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-5955-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-6340-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-6565-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-6758-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-6951-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7144-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7209-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7216-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7223-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7230-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7235-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7240-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7245-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/2344-7248-0x0000000000F70000-0x00000000031A3000-memory.dmp

          Filesize

          34.2MB

          Download

        • memory/3064-259-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-2204-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-1657-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-1143-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-597-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-258-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-2075-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-260-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-265-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-263-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-262-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-275-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-273-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3064-270-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download