Overview

overview

7

Static

static

1

gta san an...es.exe

windows7-x64

7

gta san an...es.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-02-2023 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gta san andreas jcres.exe

  • Size

    5.5MB

  • MD5

    69c3de7ef8db679bd3b078d7b0f1c264

  • SHA1

    4060a0eefbe56f8030679eac07c1d431710379f1

  • SHA256

    7ed7bd10fcac95af3e17c39e39340c8e96d47d16728f625489da06cc58afa945

  • SHA512

    aea7fd6b926e01d96ca146a5e693d8fbd5d3fb67f499e4e81a07feb16469c5755a73d81151482a1e4b5728eb4774e712a1cc8256ee6a770174c1a85b7f485105

  • SSDEEP

    98304:i4bL2BI4YLfYFwzLwgpfpu/LLJUqJodlZWb+J5YwXFrjoMoKtnq9kFPHWc:NbLYhYLPzEgDu/LJ69WqMKFbD6kFWc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe
    "C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Users\Admin\AppData\Local\Temp\is-HS7C9.tmp\gta san andreas jcres.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HS7C9.tmp\gta san andreas jcres.tmp" /SL5="$B0052,5490190,49152,C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe"
      2⤵
      • Executes dropped EXE
      PID:4704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-HS7C9.tmp\gta san andreas jcres.tmp
    Filesize

    682KB

    MD5

    a546ecf8c27932aede6ce0fafce40aeb

    SHA1

    687977a4fc93746f9d082f3e7d3903f99ec96396

    SHA256

    346332efb594147d4c1ba043e97a424f6f63293896c8fadd64884ca1979a023a

    SHA512

    b6edb91ee8070697ac371ad868f17843529f79b3d63b037d21771dd453dbb26778e4906b3a510e04d12d98c9d341dd1d9b1ffa88e761bb343783b23ccea2e2fa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-HS7C9.tmp\gta san andreas jcres.tmp
    Filesize

    682KB

    MD5

    a546ecf8c27932aede6ce0fafce40aeb

    SHA1

    687977a4fc93746f9d082f3e7d3903f99ec96396

    SHA256

    346332efb594147d4c1ba043e97a424f6f63293896c8fadd64884ca1979a023a

    SHA512

    b6edb91ee8070697ac371ad868f17843529f79b3d63b037d21771dd453dbb26778e4906b3a510e04d12d98c9d341dd1d9b1ffa88e761bb343783b23ccea2e2fa

    Download Submit
  • memory/4532-132-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize

    76KB

    Download
  • memory/4532-136-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize

    76KB

    Download
  • memory/4704-133-0x0000000000000000-mapping.dmp
    Download