Overview

overview

5

Static

static

1

steam_api.dll

windows7-x64

5

steam_api.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2023, 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    steam_api.dll

  • Size

    1.3MB

  • MD5

    e869484d80d8d08b1a31639127c3d344

  • SHA1

    29208a8734f6c713d2ea7c343ff159d35358e356

  • SHA256

    cdc6ac3c1c5e5d54fbfdbb825b7ea5f0a6b0886fc0cee7ff3cc51cef8d064b28

  • SHA512

    79e01f60c18c24d2fb366952b28463a48ec0955220e65f99c30870a2c4fd12a95619f4de665a055cedfe5623c8d083f71ec8861e6b6d2570424a9f088bf45891

  • SSDEEP

    24576:bKpb+Lpmbz9gAXilDGgP9GX0dc4hxU4BVoXoo1DJXLFT4mknD1pVOGXSCbAle:K+AzYDGsC0/9cDXT4t1iCcle

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4956
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4568
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3224

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3224-136-0x00007FF7C7010000-0x00007FF7C7020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-137-0x00007FF7C7010000-0x00007FF7C7020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-138-0x00007FF7C7010000-0x00007FF7C7020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-139-0x00007FF7C7010000-0x00007FF7C7020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-140-0x00007FF7C7010000-0x00007FF7C7020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-141-0x00007FF7C4B50000-0x00007FF7C4B60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3224-142-0x00007FF7C4B50000-0x00007FF7C4B60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4956-133-0x00000000751C0000-0x0000000075317000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4956-134-0x00000000751C0000-0x0000000075317000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4956-135-0x00000000751C0000-0x00000000751E9000-memory.dmp

      Filesize

      164KB

      Download