a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36

Submit
Reports

Overview

overview

Static

static

BetterJoy_v7.1.zip

windows7-x64

BetterJoy_v7.1.zip

windows10-2004-x64

BetterJoyForCemu.exe

windows7-x64

BetterJoyForCemu.exe

windows10-2004-x64

BetterJoyF...xe.xml

windows7-x64

BetterJoyF...xe.xml

windows10-2004-x64

Crc32.NET.dll

windows7-x64

Crc32.NET.dll

windows10-2004-x64

Drivers/HI...n).bat

windows7-x64

Drivers/HI...n).bat

windows10-2004-x64

Drivers/HI...n).bat

windows7-x64

Drivers/HI...n).bat

windows10-2004-x64

Drivers/HI...ib.dll

windows7-x64

Drivers/HI...ib.dll

windows10-2004-x64

Drivers/HI...sts.js

windows7-x64

Drivers/HI...sts.js

windows10-2004-x64

Drivers/HI...els.js

windows7-x64

Drivers/HI...els.js

windows10-2004-x64

Drivers/HI...in.css

windows7-x64

Drivers/HI...in.css

windows10-2004-x64

Drivers/HI...in.css

windows7-x64

Drivers/HI...in.css

windows10-2004-x64

Drivers/HI...min.js

windows7-x64

Drivers/HI...min.js

windows10-2004-x64

Drivers/HI...min.js

windows7-x64

Drivers/HI...min.js

windows10-2004-x64

Drivers/HI...min.js

windows7-x64

Drivers/HI...min.js

windows10-2004-x64

Drivers/HI...min.js

windows7-x64

Drivers/HI...min.js

windows10-2004-x64

Drivers/HI...min.js

windows7-x64

Drivers/HI...min.js

windows10-2004-x64

Analysis

max time kernel
77s
max time network
83s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 19:50

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

BetterJoy_v7.1.zip

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

BetterJoy_v7.1.zip

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

BetterJoyForCemu.exe

Resource

win7-20221111-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

BetterJoyForCemu.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

BetterJoyForCemu.exe.xml

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

BetterJoyForCemu.exe.xml

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

Crc32.NET.dll

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Crc32.NET.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Drivers/HIDGuardian/HIDGuardian Install (Run as Admin).bat

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral10

Sample

Drivers/HIDGuardian/HIDGuardian Install (Run as Admin).bat

Resource

win10v2004-20220812-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

Drivers/HIDGuardian/HIDGuardian Uninstall (Run as Admin).bat

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

Drivers/HIDGuardian/HIDGuardian Uninstall (Run as Admin).bat

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Lib.dll

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Lib.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/api-requests.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/api-requests.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/viewmodels.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/viewmodels.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap-theme.min.css

Resource

win7-20220901-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap-theme.min.css

Resource

win10v2004-20220901-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.css

Resource

win7-20221111-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral22

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.css

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery-3.2.1.min.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery-3.2.1.min.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery.form.min.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery.form.min.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout-min.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout-min.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout.mapping.min.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout.mapping.min.js

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

BetterJoy_v7.1.zip
Size

4.2MB
MD5

cfdfd386b72aafe8b68390f4f83c63ce
SHA1

b189cd95436c59fae09bdfc20244f380c210b744
SHA256

a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36
SHA512

1112377fa1daa6f5d77f1ba840c1f964fc029c7085e00a1d1418bdbfbb94f2c31d369f5454f85641b6de6dda280f97a1bb71b750be9f4917acb696d1c8387bf0
SSDEEP

98304:ckT92bM+bd1/ngy/GizoQO1iL54S32tAkj/6y2JLFiOiZ8:ckT9/INg0GizoFi5d32qI/O59k8

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1632	AUDIODG.EXE
Token: 33	1632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1632	AUDIODG.EXE

Processes

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BetterJoy_v7.1.zip
1⤵
PID:2032

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1940-55-0x0000000072D11000-0x0000000072D13000-memory.dmp

Filesize
8KB

Download