Resubmissions

26/03/2025, 16:44

250326-t9brya1ls3 10

26/03/2025, 16:43

250326-t8ahgsyxbv 10

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/03/2025, 16:43

General

  • Target

    Loader/Loader.exe

  • Size

    7.5MB

  • MD5

    251ac55d55b47ec078473eeaa1e510e7

  • SHA1

    1126ce753d5f4916e5e4f0fa5fa002bd7bce181b

  • SHA256

    60bbd89cca19b257dd70d37ce4907d86e96b2711da5d945dd4204a88edad318b

  • SHA512

    90120ff2ac2ad04758279695b43b45759829535d7b8519a2907bc2b1169a1e510a7e383e2347e7f15225de1a924bd9b77637d9c77e7838d99b062c279ae3912f

  • SSDEEP

    196608:pWOgoiwfI9jUCH0+n4/JKIYJmg+Irj+dD1SAxw:28IHU+GJPYf9ydD1s

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe (depth 2, child of PID 2324)
      "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
      • Loads dropped DLL
      PID:2648

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI23242\python312.dll

    Filesize

    1.7MB

    MD5

    b4aca05e0313328b0cb6c696b15dc130

    SHA1

    2aee2e1f3c9135651a61453b0a3480bda49282e0

    SHA256

    a6a2a464dfbb3bf5dad26a0eeae1af443160e2996ca59b85a9669e94b1a0d136

    SHA512

    2a2bb820ff9103379c7b273c1dde88e4701232c4793df0641a095a48c0f19d73300df7fd0e2433977667864279e8a8b5da6d0df493c46adf408c291469d81f6a

  • memory/2648-23-0x000007FEF67D0000-0x000007FEF6E92000-memory.dmp

    Filesize

    6.8MB