Overview

overview

10

Static

static

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...52.dll

windows7-x64

1

Steam Chec...52.dll

windows10-2004-x64

1

Steam Chec...me.dll

windows7-x64

1

Steam Chec...me.dll

windows10-2004-x64

1

Steam Chec...in.dll

windows7-x64

1

Steam Chec...in.dll

windows10-2004-x64

1

Steam Chec...gn.dll

windows7-x64

1

Steam Chec...gn.dll

windows10-2004-x64

1

Steam Chec...ts.dll

windows7-x64

1

Steam Chec...ts.dll

windows10-2004-x64

1

Steam Chec...rk.dll

windows7-x64

1

Steam Chec...rk.dll

windows10-2004-x64

1

Steam Chec....0.dll

windows7-x64

1

Steam Chec....0.dll

windows10-2004-x64

1

Steam Chec...on.dll

windows7-x64

1

Steam Chec...on.dll

windows10-2004-x64

1

Steam Chec...on.exe

windows7-x64

10

Steam Chec...on.exe

windows10-2004-x64

10

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...en.dll

windows7-x64

1

Steam Chec...en.dll

windows10-2004-x64

1

Steam Chec...ig.bat

windows7-x64

10

Steam Chec...ig.bat

windows10-2004-x64

10

Steam Chec...C2.ps1

windows7-x64

1

Steam Chec...C2.ps1

windows10-2004-x64

1

Steam Chec...To.ps1

windows7-x64

1

Steam Chec...To.ps1

windows10-2004-x64

1

Steam Chec...rk.bat

windows7-x64

10

Steam Chec...rk.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    01-01-2023 04:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Steam Checker By abbadon/config/System/C2.ps1

  • Size

    216B

  • MD5

    f686af0c71099697b9e3cdb67dafde71

  • SHA1

    e24acca7145e84c4cb95627d8402895d0cf15dea

  • SHA256

    b64e5111b381cf66fd84aaf59ea503adf737c620ef550363466ce15822f52743

  • SHA512

    b2d90ac3447afbba7b0a6f43584f9d9533b0980dbb74e9d084f108cbcc80c3b299cbf120bfae13c4fbeb952c5208c99a4a08492ac0b732ebe1c1f8dbbbbeb5cc

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Steam Checker By abbadon\config\System\C2.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/784-132-0x0000014C2E320000-0x0000014C2E3A2000-memory.dmp

    Filesize

    520KB

    Download

  • memory/784-133-0x0000014C2E290000-0x0000014C2E2B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/784-134-0x0000014C14FE0000-0x0000014C14FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/784-135-0x0000014C2EF30000-0x0000014C2F032000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/784-136-0x00007FFF4DB70000-0x00007FFF4E631000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/784-137-0x00007FFF4DB70000-0x00007FFF4E631000-memory.dmp

    Filesize

    10.8MB

    Download